Sha256: 6f82ff1a134e14337a619c7e4af63cd7c96e043abcae99ada891ed2da6612aa3

Contents?: true

Size: 663 Bytes

Versions: 5

Compression:

Stored size: 663 Bytes

Contents

---
gem: activerecord
framework: rails
cve: 2014-3483
osvdb: 108665
url: http://osvdb.org/show/osvdb/108665
title: SQL Injection Vulnerability in Active Record
date: 2014-07-02

description: |
  Ruby on Rails contains a flaw that may allow carrying out an SQL injection attack.
  The issue is due to the PostgreSQL adapter for Active Record not properly
  sanitizing user-supplied input when quoting ranges. This may allow a remote
  attacker to inject or manipulate SQL queries in the back-end database,
  allowing for the manipulation or disclosure of arbitrary data.

cvss_v2:

unaffected_versions:
  - "< 4.0.0"

patched_versions:
  - ~> 4.0.7
  - ">= 4.1.3"

Version data entries

5 entries across 5 versions & 2 rubygems

Version Path
bundler-budit-0.6.2 data/ruby-advisory-db/gems/activerecord/OSVDB-108665.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/activerecord/OSVDB-108665.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/activerecord/OSVDB-108665.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/activerecord/OSVDB-108665.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/activerecord/OSVDB-108665.yml