CVE-2014-3483
rubygem-activerecord: SQL injection vulnerability in 'range' quoting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting.
Vulnerabilidad de inyección SQL en activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb en el adaptador PostgreSQL para Active Record en Ruby on Rails 4.x anterior a 4.0.7 y 4.1.x anterior a 4.1.3 permite a atacantes remotos ejecutar comandos SQL arbitrarios mediante el aprovechamiento de el citado de rangos indebido.
It was discovered that Active Record did not properly quote values of the range type attributes when using the PostgreSQL database adapter. A remote attacker could possibly use this flaw to conduct an SQL injection attack against applications using Active Record.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-05-14 CVE Reserved
- 2014-07-07 CVE Published
- 2024-08-06 CVE Updated
- 2024-10-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (9)
URL | Tag | Source |
---|---|---|
http://openwall.com/lists/oss-security/2014/07/02/5 | Mailing List | |
http://secunia.com/advisories/59971 | Third Party Advisory | |
http://secunia.com/advisories/60214 | Third Party Advisory | |
http://www.securityfocus.com/bid/68341 | Vdb Entry | |
https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J | Mailing List |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2014-0877.html | 2019-08-08 | |
http://www.debian.org/security/2014/dsa-2982 | 2019-08-08 | |
https://access.redhat.com/security/cve/CVE-2014-3483 | 2014-07-14 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1114427 | 2014-07-14 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.0 Search vendor "Rubyonrails" for product "Rails" and version "4.0.0" | - |
Affected
| ||||||
Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.0 Search vendor "Rubyonrails" for product "Rails" and version "4.0.0" | beta |
Affected
| ||||||
Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.0 Search vendor "Rubyonrails" for product "Rails" and version "4.0.0" | rc1 |
Affected
| ||||||
Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.0 Search vendor "Rubyonrails" for product "Rails" and version "4.0.0" | rc2 |
Affected
| ||||||
Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.1 Search vendor "Rubyonrails" for product "Rails" and version "4.0.1" | - |
Affected
| ||||||
Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.1 Search vendor "Rubyonrails" for product "Rails" and version "4.0.1" | rc1 |
Affected
| ||||||
Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.1 Search vendor "Rubyonrails" for product "Rails" and version "4.0.1" | rc2 |
Affected
| ||||||
Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.1 Search vendor "Rubyonrails" for product "Rails" and version "4.0.1" | rc3 |
Affected
| ||||||
Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.1 Search vendor "Rubyonrails" for product "Rails" and version "4.0.1" | rc4 |
Affected
| ||||||
Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.2 Search vendor "Rubyonrails" for product "Rails" and version "4.0.2" | - |
Affected
| ||||||
Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.3 Search vendor "Rubyonrails" for product "Rails" and version "4.0.3" | - |
Affected
| ||||||
Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.4 Search vendor "Rubyonrails" for product "Rails" and version "4.0.4" | - |
Affected
| ||||||
Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.5 Search vendor "Rubyonrails" for product "Rails" and version "4.0.5" | - |
Affected
| ||||||
Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.6 Search vendor "Rubyonrails" for product "Rails" and version "4.0.6" | - |
Affected
| ||||||
Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.6 Search vendor "Rubyonrails" for product "Rails" and version "4.0.6" | rc1 |
Affected
| ||||||
Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.6 Search vendor "Rubyonrails" for product "Rails" and version "4.0.6" | rc2 |
Affected
| ||||||
Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.0.6 Search vendor "Rubyonrails" for product "Rails" and version "4.0.6" | rc3 |
Affected
| ||||||
Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.1.0 Search vendor "Rubyonrails" for product "Rails" and version "4.1.0" | - |
Affected
| ||||||
Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.1.0 Search vendor "Rubyonrails" for product "Rails" and version "4.1.0" | beta1 |
Affected
| ||||||
Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.1.1 Search vendor "Rubyonrails" for product "Rails" and version "4.1.1" | - |
Affected
| ||||||
Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.1.2 Search vendor "Rubyonrails" for product "Rails" and version "4.1.2" | - |
Affected
| ||||||
Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.1.2 Search vendor "Rubyonrails" for product "Rails" and version "4.1.2" | rc1 |
Affected
| ||||||
Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.1.2 Search vendor "Rubyonrails" for product "Rails" and version "4.1.2" | rc2 |
Affected
| ||||||
Rubyonrails Search vendor "Rubyonrails" | Rails Search vendor "Rubyonrails" for product "Rails" | 4.1.2 Search vendor "Rubyonrails" for product "Rails" and version "4.1.2" | rc3 |
Affected
|