Lucene search
GitHub Advisory DatabaseGHSA-MHWP-QHPC-H3JMHistoryOct 24, 2017 - 6:33 p.m.
SQL Injection in Active Record
2017-10-2418:33:36
CWE-89
GitHub Advisory Database
github.com
15
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
79.5%
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting.
Affected configurations
Node
activerecord_projectactiverecordRange2.0.0≥ruby
ORactiverecord_projectactiverecordRange<3.2.19ruby
| CPE | Name | Operator | Version |
|---|---|---|---|
| activerecord | ge | 2.0.0 | |
| activerecord | lt | 3.2.19 |
Related
osv
osv
SQL Injection in Active Record
2017-10-24 18:33:36
nvd
nvd
CVE-2014-3482
2014-07-07 11:01:30
gitlab
gitlab
SQL Injection Vulnerabilities Affecting PostgreSQL
2014-07-07 00:00:00
cve
cve
CVE-2014-3482
2014-07-07 11:01:30
veracode
veracode
SQL Command Injection By Leveraging Improper Bitstring Quoting
2019-01-15 08:56:04
debiancve
debiancve
CVE-2014-3482
2014-07-07 11:01:30
cvelist
cvelist
CVE-2014-3482
2014-07-07 10:00:00
prion
prion
Sql injection
2014-07-07 11:01:00
openvas
openvas
Fedora Update for rubygem-activerecord FEDORA-2014-8089
2014-08-23 00:00:00
Debian: Security Advisory (DSA-2982-1)
2014-07-18 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: rubygem-activerecord-3.2.13-2.fc19
2014-08-23 01:55:32
ubuntucve
ubuntucve
CVE-2014-3482
2014-07-07 00:00:00
hackerone
hackerone
redhat
redhat
(RHSA-2014:0876) Moderate: ruby193-rubygem-activerecord security update
2014-07-14 00:00:00
nessus
nessus
Fedora 19 : rubygem-activerecord-3.2.13-2.fc19 (2014-8089)
2014-08-23 00:00:00
Debian DSA-2982-1 : ruby-activerecord-3.2 - security update
2014-07-21 00:00:00
rubygems
rubygems
debian
debian
[SECURITY] [DSA 2982-1] ruby-activerecord-3.2 security update
2014-07-19 10:09:34
securityvulns
securityvulns
[SECURITY] [DSA 2982-1] ruby-activerecord-3.2 security update
2014-10-16 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
79.5%
Related for GHSA-MHWP-QHPC-H3JM