
CVE-2014-0080

Published: 20/02/2014 Updated: 08/08/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x prior to 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote malicious users to execute "add data" SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns.

Vulnerable Product

rubyonrails rails 4.0.2

rubyonrails rails 4.0.1

rubyonrails rails 4.1.0

rubyonrails rails 4.0.0

Vendor Advisories

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on ...