Lucene search
HistoryJul 07, 2014 - 11:01 a.m.
CVE-2014-3482
cve-2014-3482
sql injection
postgresql
active record
ruby on rails
nvd
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.3 High
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
79.5%
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting.
Affected configurations
Node
rubyonrailsrailsMatch2.0.0
ORrubyonrailsrailsMatch2.0.0rc1
ORrubyonrailsrailsMatch2.0.0rc2
ORrubyonrailsrailsMatch2.0.1
ORrubyonrailsrailsMatch2.0.2
ORrubyonrailsrailsMatch2.0.4
ORrubyonrailsrailsMatch2.1.0
ORrubyonrailsrailsMatch2.1.1
ORrubyonrailsrailsMatch2.1.2
ORrubyonrailsrailsMatch2.2.0
ORrubyonrailsrailsMatch2.2.1
ORrubyonrailsrailsMatch2.2.2
ORrubyonrailsrailsMatch2.3.0
ORrubyonrailsrailsMatch2.3.1
ORrubyonrailsrailsMatch2.3.2
ORrubyonrailsrailsMatch2.3.3
ORrubyonrailsrailsMatch2.3.4
ORrubyonrailsrailsMatch2.3.9
ORrubyonrailsrailsMatch2.3.10
ORrubyonrailsrailsMatch2.3.11
ORrubyonrailsrailsMatch2.3.12
ORrubyonrailsrailsMatch2.3.13
ORrubyonrailsrailsMatch2.3.14
ORrubyonrailsrailsMatch2.3.15
ORrubyonrailsrailsMatch2.3.16
ORrubyonrailsrailsMatch2.3.18
ORrubyonrailsrailsMatch3.0.0
ORrubyonrailsrailsMatch3.0.0beta
ORrubyonrailsrailsMatch3.0.0beta2
ORrubyonrailsrailsMatch3.0.0beta3
ORrubyonrailsrailsMatch3.0.0beta4
ORrubyonrailsrailsMatch3.0.0rc
ORrubyonrailsrailsMatch3.0.0rc2
ORrubyonrailsrailsMatch3.0.1
ORrubyonrailsrailsMatch3.0.1pre
ORrubyonrailsrailsMatch3.0.2
ORrubyonrailsrailsMatch3.0.2pre
ORrubyonrailsrailsMatch3.0.3
ORrubyonrailsrailsMatch3.0.4rc1
ORrubyonrailsrailsMatch3.0.5
ORrubyonrailsrailsMatch3.0.5rc1
ORrubyonrailsrailsMatch3.0.6
ORrubyonrailsrailsMatch3.0.6rc1
ORrubyonrailsrailsMatch3.0.6rc2
ORrubyonrailsrailsMatch3.0.7
ORrubyonrailsrailsMatch3.0.7rc1
ORrubyonrailsrailsMatch3.0.7rc2
ORrubyonrailsrailsMatch3.0.8
ORrubyonrailsrailsMatch3.0.8rc1
ORrubyonrailsrailsMatch3.0.8rc2
ORrubyonrailsrailsMatch3.0.8rc3
ORrubyonrailsrailsMatch3.0.8rc4
ORrubyonrailsrailsMatch3.0.9
ORrubyonrailsrailsMatch3.0.9rc1
ORrubyonrailsrailsMatch3.0.9rc2
ORrubyonrailsrailsMatch3.0.9rc3
ORrubyonrailsrailsMatch3.0.9rc4
ORrubyonrailsrailsMatch3.0.9rc5
ORrubyonrailsrailsMatch3.0.10
ORrubyonrailsrailsMatch3.0.10rc1
ORrubyonrailsrailsMatch3.0.11
ORrubyonrailsrailsMatch3.0.12
ORrubyonrailsrailsMatch3.0.12rc1
ORrubyonrailsrailsMatch3.0.13
ORrubyonrailsrailsMatch3.0.13rc1
ORrubyonrailsrailsMatch3.0.14
ORrubyonrailsrailsMatch3.0.16
ORrubyonrailsrailsMatch3.0.17
ORrubyonrailsrailsMatch3.0.18
ORrubyonrailsrailsMatch3.0.19
ORrubyonrailsrailsMatch3.0.20
ORrubyonrailsrailsMatch3.1.0
ORrubyonrailsrailsMatch3.1.0beta1
ORrubyonrailsrailsMatch3.1.0rc1
ORrubyonrailsrailsMatch3.1.0rc2
ORrubyonrailsrailsMatch3.1.0rc3
ORrubyonrailsrailsMatch3.1.0rc4
ORrubyonrailsrailsMatch3.1.0rc5
ORrubyonrailsrailsMatch3.1.0rc6
ORrubyonrailsrailsMatch3.1.0rc7
ORrubyonrailsrailsMatch3.1.0rc8
ORrubyonrailsrailsMatch3.1.1
ORrubyonrailsrailsMatch3.1.1rc1
ORrubyonrailsrailsMatch3.1.1rc2
ORrubyonrailsrailsMatch3.1.1rc3
ORrubyonrailsrailsMatch3.1.2
ORrubyonrailsrailsMatch3.1.2rc1
ORrubyonrailsrailsMatch3.1.2rc2
ORrubyonrailsrailsMatch3.1.3
ORrubyonrailsrailsMatch3.1.4
ORrubyonrailsrailsMatch3.1.4rc1
ORrubyonrailsrailsMatch3.1.5
ORrubyonrailsrailsMatch3.1.5rc1
ORrubyonrailsrailsMatch3.1.6
ORrubyonrailsrailsMatch3.1.7
ORrubyonrailsrailsMatch3.1.8
ORrubyonrailsrailsMatch3.1.9
ORrubyonrailsrailsMatch3.1.10
ORrubyonrailsrailsMatch3.2.0
ORrubyonrailsrailsMatch3.2.0rc1
ORrubyonrailsrailsMatch3.2.0rc2
ORrubyonrailsrailsMatch3.2.1
ORrubyonrailsrailsMatch3.2.2
ORrubyonrailsrailsMatch3.2.2rc1
ORrubyonrailsrailsMatch3.2.3
ORrubyonrailsrailsMatch3.2.3rc1
ORrubyonrailsrailsMatch3.2.3rc2
ORrubyonrailsrailsMatch3.2.4
ORrubyonrailsrailsMatch3.2.4rc1
ORrubyonrailsrailsMatch3.2.5
ORrubyonrailsrailsMatch3.2.6
ORrubyonrailsrailsMatch3.2.7
ORrubyonrailsrailsMatch3.2.8
ORrubyonrailsrailsMatch3.2.9
ORrubyonrailsrailsMatch3.2.10
ORrubyonrailsrailsMatch3.2.11
ORrubyonrailsrailsMatch3.2.12
ORrubyonrailsrailsMatch3.2.13rc1
ORrubyonrailsrailsMatch3.2.13rc2
ORrubyonrailsrailsMatch3.2.15rc3
ORrubyonrailsrailsMatch3.2.16
ORrubyonrailsrailsMatch3.2.17
ORrubyonrailsrailsMatch3.2.18
ORrubyonrailsruby_on_railsMatch2.3.17
ORrubyonrailsruby_on_railsMatch3.0.4
References
openwall.com/lists/oss-security/2014/07/02/5
rhn.redhat.com/errata/RHSA-2014-0876.html
secunia.com/advisories/59973
secunia.com/advisories/60214
secunia.com/advisories/60763
www.debian.org/security/2014/dsa-2982
www.securityfocus.com/bid/68343
groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J
Related
osv
osv
SQL Injection in Active Record
2017-10-24 18:33:36
nvd
nvd
CVE-2014-3482
2014-07-07 11:01:30
gitlab
gitlab
SQL Injection Vulnerabilities Affecting PostgreSQL
2014-07-07 00:00:00
debiancve
debiancve
CVE-2014-3482
2014-07-07 11:01:30
veracode
veracode
SQL Command Injection By Leveraging Improper Bitstring Quoting
2019-01-15 08:56:04
cvelist
cvelist
CVE-2014-3482
2014-07-07 10:00:00
prion
prion
Sql injection
2014-07-07 11:01:00
redhat
redhat
(RHSA-2014:0876) Moderate: ruby193-rubygem-activerecord security update
2014-07-14 00:00:00
github
github
SQL Injection in Active Record
2017-10-24 18:33:36
nessus
nessus
Fedora 19 : rubygem-activerecord-3.2.13-2.fc19 (2014-8089)
2014-08-23 00:00:00
Debian DSA-2982-1 : ruby-activerecord-3.2 - security update
2014-07-21 00:00:00
hackerone
hackerone
openvas
openvas
Fedora Update for rubygem-activerecord FEDORA-2014-8089
2014-08-23 00:00:00
Debian: Security Advisory (DSA-2982-1)
2014-07-18 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: rubygem-activerecord-3.2.13-2.fc19
2014-08-23 01:55:32
ubuntucve
ubuntucve
CVE-2014-3482
2014-07-07 00:00:00
rubygems
rubygems
debian
debian
[SECURITY] [DSA 2982-1] ruby-activerecord-3.2 security update
2014-07-19 10:09:34
securityvulns
securityvulns
[SECURITY] [DSA 2982-1] ruby-activerecord-3.2 security update
2014-10-16 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.3 High
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
79.5%
Related for CVE-2014-3482