CVE-2014-3482: SQL Injection in Project Activerecord

CWE-89: SQL Injection (10 documents, 7 sources)

Severity: 7.5 HIGH (NVD)
EPSS: 1.5% (top 18.65%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 7; latest update Oct 24

Description

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P (Exploitability: 10.0 | Impact: 6.4)

Affected Packages (4)

Source    Package                              Affected versions
RubyGems  activerecord_project/activerecord    2.0.0 to 3.2.19
Debian    rubyonrails/rails                    < 2:4.1.4-1 (+3 more)
NVD       rubyonrails/rails                    73 versions (+72 more)
NVD       rubyonrails/ruby_on_rails            2.3.17, 3.0.4 (+1 more)

🔴 Vulnerability Details (4)

GHSA: SQL Injection in Active Record (2017-10-24)
OSV: SQL Injection in Active Record (2017-10-24)
OSV: CVE-2014-3482: SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter (2014-07-07)
CVEList: CVE-2014-3482: SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter (2014-07-07)

📋 Vendor Advisories (2)

Red Hat: rubygem-activerecord: SQL injection vulnerability in 'bitstring' quoting (2014-07-02)
Debian: CVE-2014-3482: rails - SQL injection vulnerability in activerecord/lib/active_record/connection_adapter... (2014)

💬 Community (3)

Bugzilla: CVE-2014-3482 rubygem-activerecord: SQL injection vulnerability in 'bitstring' quoting [epel-5] (2014-07-03)
Bugzilla: CVE-2014-3482 rubygem-activerecord: SQL injection vulnerability in 'bitstring' quoting [fedora-19] (2014-07-03)
Bugzilla: CVE-2014-3482 rubygem-activerecord: SQL injection vulnerability in 'bitstring' quoting (2014-06-30)
CVE-2014-3482 — SQL Injection in Project Activerecord | cvebase