SQL Injection Vulnerability in Ruby on Rails PostgreSQL Adapter by Ruby
CVE-2014-3482

Currently unrated

Key Information:

Vendor
CVE Published: 7 July 2014

What is CVE-2014-3482?

A vulnerability exists in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19. Because the adapter handles bitstring quoting improperly, remote attackers can execute arbitrary SQL commands. Exploitation can lead to severe security risks, potentially compromising the integrity of the database and allowing unauthorized access to sensitive data.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
