---
gem: activerecord
framework: rails
cve: 2014-0080
osvdb: 103438
url: http://osvdb.org/show/osvdb/103438
title: Data Injection Vulnerability in Active Record
date: 2014-02-18

description: |
  Ruby on Rails contains a flaw in connection_adapters/postgresql/cast.rb
  in Active Record. This issue may allow a remote attacker to inject data
  into PostgreSQL array columns via a specially crafted string.

cvss_v2: 

unaffected_versions:
  - "< 3.2.0"
  - ~> 3.2.0

patched_versions:
  - ~> 4.0.3
  - ">= 4.1.0.beta2"