Vulnerability Database
289,697
Total vulnerabilities in the database
CVE-2014-3483
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting.
| Software | From | Fixed in |
|---|---|---|
| rubyonrails / rails | 4.0.0 | 4.0.0.x |
| rubyonrails / rails | 4.0.1 | 4.0.1.x |
| rubyonrails / rails | 4.0.2 | 4.0.2.x |
| rubyonrails / rails | 4.0.6-rc3 | 4.0.6-rc3.x |
| rubyonrails / rails | 4.1.0-beta1 | 4.1.0-beta1.x |
| rubyonrails / rails | 4.1.2-rc1 | 4.1.2-rc1.x |
| rubyonrails / rails | 4.1.2-rc2 | 4.1.2-rc2.x |
| rubyonrails / rails | 4.1.2 | 4.1.2.x |
| rubyonrails / rails | 4.1.2-rc3 | 4.1.2-rc3.x |
| rubyonrails / rails | 4.1.1 | 4.1.1.x |
| rubyonrails / rails | 4.0.0-beta | 4.0.0-beta.x |
| rubyonrails / rails | 4.0.0-rc1 | 4.0.0-rc1.x |
| rubyonrails / rails | 4.0.0-rc2 | 4.0.0-rc2.x |
| rubyonrails / rails | 4.0.1-rc1 | 4.0.1-rc1.x |
| rubyonrails / rails | 4.0.1-rc2 | 4.0.1-rc2.x |
| rubyonrails / rails | 4.0.1-rc3 | 4.0.1-rc3.x |
| rubyonrails / rails | 4.0.1-rc4 | 4.0.1-rc4.x |
| rubyonrails / rails | 4.0.4 | 4.0.4.x |
| rubyonrails / rails | 4.0.6-rc1 | 4.0.6-rc1.x |
| rubyonrails / rails | 4.0.6 | 4.0.6.x |
| rubyonrails / rails | 4.0.6-rc2 | 4.0.6-rc2.x |
| rubyonrails / rails | 4.0.3 | 4.0.3.x |
| rubyonrails / rails | 4.0.5 | 4.0.5.x |
| rubyonrails / rails | 4.1.0 | 4.1.0.x |
activerecord
|
4.0.0 | 4.0.7 |
|
activerecord
|
4.1.0 | 4.1.3 |
- http://openwall.com/lists/oss-security/2014/07/02/5
- http://rhn.redhat.com/errata/RHSA-2014-0877.html
- http://secunia.com/advisories/59971
- http://secunia.com/advisories/60214
- http://www.debian.org/security/2014/dsa-2982
- http://www.securityfocus.com/bid/68341
- https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J