CVE-2023-22794

A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the annotate query method, the optimizer_hints query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database withinsufficient sanitization and be able to inject SQL outside of the comment.

Published: Feb 9, 2023
Updated: May 9, 2024
CVE: CVE-2023-22794
GHSA: GHSA-hq7p-j377-6v63
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
activerecord_project / activerecord	7.0.0	7.0.4.1
activerecord_project / activerecord	6.1.0	6.1.7.1
activerecord_project / activerecord	6.0.0	6.0.6.1
activerecord	6.0.0	6.0.6.1
activerecord	6.1.0	6.1.7.1
activerecord	7.0.0	7.0.4.1

https://discuss.rubyonrails.org/t/cve-2023-22794-sql-injection-vulnerability-via-activerecord-comments/82117
https://github.com/rails/rails/commit/d7aba06953f9fa789c411676b941d20df8ef73de
https://github.com/rails/rails/releases/tag/v7.0.4.1
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2023-22794.yml
https://security.netapp.com/advisory/ntap-20240202-0008
https://security.netapp.com/advisory/ntap-20240202-0008/
https://www.debian.org/security/2023/dsa-5372

Vulnerability Database

289,697

CVE-2023-22794