CVE-2014-0080

2014-02-2015:27:02

CWE-89

redhat

web.nvd.nist.gov

cve

sql injection

active record

ruby on rails

postgresql

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.004

Percentile

72.4%

JSON

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute “add data” SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns.

Affected configurations

Nvd

Node

rubyonrailsrailsMatch4.0.0-

rubyonrailsrailsMatch4.0.0beta

rubyonrailsrailsMatch4.0.0rc1

rubyonrailsrailsMatch4.0.0rc2

rubyonrailsrailsMatch4.0.1-

rubyonrailsrailsMatch4.0.1rc1

rubyonrailsrailsMatch4.0.1rc2

rubyonrailsrailsMatch4.0.1rc3

rubyonrailsrailsMatch4.0.1rc4

rubyonrailsrailsMatch4.0.2

rubyonrailsrailsMatch4.1.0beta1

VendorProductVersionCPE
rubyonrailsrails4.0.0cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*
rubyonrailsrails4.0.0cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*
rubyonrailsrails4.0.0cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*
rubyonrailsrails4.0.0cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*
rubyonrailsrails4.0.1cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*
rubyonrailsrails4.0.1cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*
rubyonrailsrails4.0.1cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*
rubyonrailsrails4.0.1cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*
rubyonrailsrails4.0.1cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*
rubyonrailsrails4.0.2cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rubyonrails	rails	4.0.0	cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::
rubyonrails	rails	4.0.0	cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::
rubyonrails	rails	4.0.0	cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::
rubyonrails	rails	4.0.0	cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::
rubyonrails	rails	4.0.1	cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::
rubyonrails	rails	4.0.1	cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::
rubyonrails	rails	4.0.1	cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::
rubyonrails	rails	4.0.1	cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::
rubyonrails	rails	4.0.1	cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::
rubyonrails	rails	4.0.2	cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*