Sha256: 17c32d5ba275303521ccdc19b37b50c1938c764eb372329ff4dc8a8f625dc69b

Contents?: true

Size: 519 Bytes

Versions: 8

Compression:

Stored size: 519 Bytes

Contents

---
gem: activerecord
framework: rails
cve: 2014-0080
osvdb: 103438
url: http://osvdb.org/show/osvdb/103438
title: Data Injection Vulnerability in Active Record
date: 2014-02-18

description: |
  Ruby on Rails contains a flaw in connection_adapters/postgresql/cast.rb
  in Active Record. This issue may allow a remote attacker to inject data
  into PostgreSQL array columns via a specially crafted string.

cvss_v2: 

unaffected_versions:
  - "< 3.2.0"
  - ~> 3.2.0

patched_versions:
  - ~> 4.0.3
  - ">= 4.1.0.beta2"

Version data entries

8 entries across 8 versions & 3 rubygems

Version Path
bundler-budit-0.6.2 data/ruby-advisory-db/gems/activerecord/OSVDB-103438.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/activerecord/OSVDB-103438.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/activerecord/OSVDB-103438.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/activerecord/OSVDB-103438.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/activerecord/OSVDB-103438.yml
bundler-audit-0.4.0 data/ruby-advisory-db/gems/activerecord/OSVDB-103438.yml
bundler-audit-0.3.1 data/ruby-advisory-db/gems/activerecord/OSVDB-103438.yml
mrjoy-bundler-audit-0.3.3 data/ruby-advisory-db/gems/activerecord/OSVDB-103438.yml