Количество 7
Количество 7
BDU:2023-07138
Уязвимость компонента Active Record программной платформы Ruby on Rails, связанная с возможностью внедрения SQL-кода через комментарии, позволяющая нарушителю выполнить произвольный код
ROS-20250203-13
Множественные уязвимости rubygem-activerecord
CVE-2023-22794
A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database withinsufficient sanitization and be able to inject SQL outside of the comment.
CVE-2023-22794
A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database withinsufficient sanitization and be able to inject SQL outside of the comment.
CVE-2023-22794
A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database withinsufficient sanitization and be able to inject SQL outside of the comment.
CVE-2023-22794
A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 relate ...
GHSA-hq7p-j377-6v63
SQL Injection Vulnerability via ActiveRecord comments
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2023-07138 Уязвимость компонента Active Record программной платформы Ruby on Rails, связанная с возможностью внедрения SQL-кода через комментарии, позволяющая нарушителю выполнить произвольный код | CVSS3: 8.8 | 4% Низкий | больше 2 лет назад |
 | ROS-20250203-13 Множественные уязвимости rubygem-activerecord | CVSS3: 8.8 | 5 месяцев назад | |
 | CVE-2023-22794 A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database withinsufficient sanitization and be able to inject SQL outside of the comment. | CVSS3: 8.8 | 4% Низкий | больше 2 лет назад |
 | CVE-2023-22794 A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database withinsufficient sanitization and be able to inject SQL outside of the comment. | CVSS3: 8.3 | 4% Низкий | больше 2 лет назад |
 | CVE-2023-22794 A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database withinsufficient sanitization and be able to inject SQL outside of the comment. | CVSS3: 8.8 | 4% Низкий | больше 2 лет назад |
| CVE-2023-22794 A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 relate ... | CVSS3: 8.8 | 4% Низкий | больше 2 лет назад |
| GHSA-hq7p-j377-6v63 SQL Injection Vulnerability via ActiveRecord comments | CVSS3: 8.8 | 4% Низкий | больше 2 лет назад |
Уязвимостей на страницу