Количество 7
Количество 7
CVE-2023-22794
A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database withinsufficient sanitization and be able to inject SQL outside of the comment.
CVE-2023-22794
A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database withinsufficient sanitization and be able to inject SQL outside of the comment.
CVE-2023-22794
A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database withinsufficient sanitization and be able to inject SQL outside of the comment.
CVE-2023-22794
A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 relate ...
GHSA-hq7p-j377-6v63
SQL Injection Vulnerability via ActiveRecord comments
BDU:2023-07138
Уязвимость компонента Active Record программной платформы Ruby on Rails, связанная с возможностью внедрения SQL-кода через комментарии, позволяющая нарушителю выполнить произвольный код
ROS-20250203-13
Множественные уязвимости rubygem-activerecord
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-22794 A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database withinsufficient sanitization and be able to inject SQL outside of the comment. | CVSS3: 8.8 | 5% Низкий | почти 3 года назад |
 | CVE-2023-22794 A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database withinsufficient sanitization and be able to inject SQL outside of the comment. | CVSS3: 8.3 | 5% Низкий | почти 3 года назад |
 | CVE-2023-22794 A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database withinsufficient sanitization and be able to inject SQL outside of the comment. | CVSS3: 8.8 | 5% Низкий | почти 3 года назад |
| CVE-2023-22794 A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 relate ... | CVSS3: 8.8 | 5% Низкий | почти 3 года назад |
| GHSA-hq7p-j377-6v63 SQL Injection Vulnerability via ActiveRecord comments | CVSS3: 8.8 | 5% Низкий | почти 3 года назад |
 | BDU:2023-07138 Уязвимость компонента Active Record программной платформы Ruby on Rails, связанная с возможностью внедрения SQL-кода через комментарии, позволяющая нарушителю выполнить произвольный код | CVSS3: 8.8 | 5% Низкий | почти 3 года назад |
 | ROS-20250203-13 Множественные уязвимости rubygem-activerecord | CVSS3: 8.8 | 10 месяцев назад |
Уязвимостей на страницу