Lucene search

Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-15D5A1B2A1998C49B1BF3F0C0CB896DC

HistoryFeb 20, 2014 - 12:00 a.m.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

2014-02-2000:00:00

https://gitlab.com/gitlab-org/security-products/gemnasium-db

gitlab.com

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.0%

JSON

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails beta1, when PostgreSQL is used, allows remote attackers to execute “add data” SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns.

Affected configurations

Vulners

Node

gemactiverecordRange3.2.0≥

gemactiverecordRange<4.0.3

CPENameOperatorVersion
gem/activerecordge3.2.0
gem/activerecordlt4.0.3

CPE	Name	Operator	Version
	gem/activerecord	ge	3.2.0
	gem/activerecord	lt	4.0.3

References

openwall.com/lists/oss-security/2014/02/18/9

nvd.nist.gov/vuln/detail/CVE-2014-0080

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.0%

JSON

Related for GITLAB-15D5A1B2A1998C49B1BF3F0C0CB896DC