Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

activerecord project activerecord vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv3
CVE-2022-44566
A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing ...
Activerecord Project Activerecord
9.8
CVSSv3
CVE-2022-32224
A possible escalation to RCE vulnerability exists when using YAML serialized columns in Active Record < 7.0.3.1, <6.1.6.1, <6.0.5.1 and <5.2.8.1 which could allow an attacker, that can manipulate data in the database (via means like SQL injection), the ability to esca...
Activerecord Project Activerecord
8.8
CVSSv3
CVE-2023-22794
A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds ann...
Activerecord Project Activerecord
9.8
CVSSv3
CVE-2022-35956
This Rails gem adds two methods to the ActiveRecord::Base class that allow you to update many records on a single database hit, using a case sql statement for it. Before version 0.1.3 `update_by_case` gem used custom sql strings, and it was not sanitized, making it vulnerable to ...
Update By Case Project Update By Case
NA
CVE-2011-2930
Multiple SQL injection vulnerabilities in the quote_table_name method in the ActiveRecord adapters in activerecord/lib/active_record/connection_adapters/ in Ruby on Rails prior to 2.3.13, 3.0.x prior to 3.0.10, and 3.1.x prior to 3.1.0.rc5 allow remote malicious users to execute ...
Rubyonrails Rails 2.3.10Rubyonrails Rails 2.2.1Rubyonrails Rails 2.0.2Rubyonrails Rails 2.0.0Rubyonrails Rails 2.3.4Rubyonrails Rails 3.0.5Rubyonrails Rails 3.0.7Rubyonrails Rails 3.0.2Rubyonrails Rails 3.0.9Rubyonrails Rails 3.0.10Rubyonrails Rails 3.0.0Rubyonrails Rails 3.1.0Rubyonrails Rails 2.3.11Rubyonrails Rails 2.3.12Rubyonrails Rails 2.3.3Rubyonrails Rails 2.3.2Rubyonrails Rails 3.0.4Rubyonrails Rails 3.0.8Rubyonrails Rails 3.0.1Rubyonrails Rails 2.1.1Rubyonrails Rails 2.1.2Rubyonrails Rails 2.1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypassCVE-2024-30051remoteCVE-2024-27954CVE-2023-51483CVE-2023-47782SSRFCVE-2024-24715CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook