Contents

---
gem: activerecord
framework: rails
cve: 2014-3482
osvdb: 108664
url: https://nvd.nist.gov/vuln/detail/CVE-2014-3482
title: SQL Injection Vulnerability in Active Record
date: 2014-07-02

description: |
  Ruby on Rails contains a flaw that may allow carrying out an SQL injection attack.
  The issue is due to the PostgreSQL adapter for Active Record not properly
  sanitizing user-supplied input when quoting bitstring. This may allow a remote
  attacker to inject or manipulate SQL queries in the back-end database,
  allowing for the manipulation or disclosure of arbitrary data.

cvss_v2:

unaffected_versions:
  - ">= 4.0.0"

patched_versions:
  - ~> 3.2.19

Version data entries

1 entries across 1 versions & 1 rubygems

Version	Path
bundler-audit-0.7.0.1	data/ruby-advisory-db/gems/activerecord/CVE-2014-3482.yml