SQL Injection Vulnerability in PostgreSQL Adapter for Ruby on Rails
CVE-2014-3483

Currently unrated

Key Information:

Vendor: Rubyonrails
Status: Rails
Vendor: CVE Published:; 7 July 2014

🔔 Create Rubyonrails Vulnerability Alert

What is CVE-2014-3483?

This vulnerability allows remote attackers to exploit improper range quoting in the PostgreSQL adapter for Active Record in Ruby on Rails, enabling execution of arbitrary SQL commands. This could lead to unauthorized data access and manipulation, posing a significant risk to applications utilizing affected versions of the framework.

References

http://rhn.redhat.com/errata/RHSA-2014-0877.html

vendor-advisoryx_refsource_REDHAT

http://secunia.com/advisories/59971

third-party-advisoryx_refsource_SECUNIA

http://openwall.com/lists/oss-security/2014/07/02/5

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 7, 2014
Vulnerability Reserved
May 14, 2014