CVE-2014-3483

Published: 07/07/2014 Updated: 08/08/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x prior to 4.0.7 and 4.1.x prior to 4.1.3 allows remote malicious users to execute arbitrary SQL commands by leveraging improper range quoting.

Vulnerability Trend

Vulnerable Products

rubyonrails rails 4.0.0
rubyonrails rails 4.0.1
rubyonrails rails 4.0.2
rubyonrails rails 4.0.3
rubyonrails rails 4.0.4
rubyonrails rails 4.0.5
rubyonrails rails 4.0.6
rubyonrails rails 4.1.0
rubyonrails rails 4.1.1
rubyonrails rails 4.1.2

Vendor Advisories

Sean Griffin discovered two vulnerabilities in the PostgreSQL adapter for Active Record which could lead to SQL injection. For the stable distribution (wheezy), these problems have been fixed in version 3.2.6-5+deb7u1. Debian provides two variants of Ruby on Rails in Wheezy (2.3 and 3.2). Support for the 2.3 variants had to be ceased at this point ...

It was discovered that Active Record did not properly quote values of the range type attributes when using the PostgreSQL database adapter. A remote attacker could possibly use this flaw to conduct an SQL injection attack against applications using Active Record ...