Sha256: e49ba1f3abefd35867e3d73bdb767a99734689ec497391b9135653cd9ac2d2ea
Contents?: true
Size: 1.33 KB
Versions: 13
Compression:
Stored size: 1.33 KB
Contents
module Dawn
module Kb
# Automatically created with rake on 2014-02-19
class CVE_2014_0080
# Include the testing skeleton for this CVE
include DependencyCheck
def initialize
message = "SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute \"add data\" SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns."
super({
:name=>"CVE-2014-0080",
:cvss=>"AV:N/AC:M/Au:N/C:P/I:P/A:P",
:release_date => Date.new(2014, 2, 20),
:cwe=>"89",
:owasp=>"A1",
:applies=>["rails"],
:kind=>Dawn::KnowledgeBase::DEPENDENCY_CHECK,
:message=>message,
:mitigation=>"Please upgrade rails version at least to 4.0.3 or 4.1.0.beta2. As a general rule, using the latest stable rails version is recommended.",
:aux_links=>["https://groups.google.com/forum/message/raw?msg=rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ"]
})
self.safe_dependencies = [{:name=>"rails", :version=>['4.0.3', '4.1.0.beta2']}]
end
end
end
end
Version data entries
13 entries across 13 versions & 1 rubygems