CVE-2014-3483

Affected configuration(s):

cpe:/a:rubyonrails:ruby_on_rails:4.0.0:-
cpe:/a:rubyonrails:ruby_on_rails:4.0.0:beta
cpe:/a:rubyonrails:ruby_on_rails:4.0.0:rc1
cpe:/a:rubyonrails:ruby_on_rails:4.0.0:rc2
cpe:/a:rubyonrails:ruby_on_rails:4.0.1:-
cpe:/a:rubyonrails:ruby_on_rails:4.0.1:rc1
cpe:/a:rubyonrails:ruby_on_rails:4.0.1:rc2
cpe:/a:rubyonrails:ruby_on_rails:4.0.1:rc3
cpe:/a:rubyonrails:ruby_on_rails:4.0.1:rc4
cpe:/a:rubyonrails:ruby_on_rails:4.0.2:-
cpe:/a:rubyonrails:ruby_on_rails:4.0.3
cpe:/a:rubyonrails:ruby_on_rails:4.0.4
cpe:/a:rubyonrails:ruby_on_rails:4.0.5
cpe:/a:rubyonrails:ruby_on_rails:4.0.6
cpe:/a:rubyonrails:ruby_on_rails:4.0.6:rc1
cpe:/a:rubyonrails:ruby_on_rails:4.0.6:rc2
cpe:/a:rubyonrails:ruby_on_rails:4.0.6:rc3
cpe:/a:rubyonrails:ruby_on_rails:4.1.0:-
cpe:/a:rubyonrails:ruby_on_rails:4.1.0:beta1
cpe:/a:rubyonrails:ruby_on_rails:4.1.1
cpe:/a:rubyonrails:ruby_on_rails:4.1.2
cpe:/a:rubyonrails:ruby_on_rails:4.1.2:rc1
cpe:/a:rubyonrails:ruby_on_rails:4.1.2:rc2
cpe:/a:rubyonrails:ruby_on_rails:4.1.2:rc3

Date published: 2014-07-07T07:01:30.573-04:00

Date last modified: 2015-10-13T12:47:41.227-04:00

CVSS Score: 7.5

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://openwall.com/lists/oss-security/2014/07/02/5

Summary: SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting.
