SQL Injection in Active Record

GHSA-mhwp-qhpc-h3jm · CVE-2014-3482

Published Oct 24, 2017 · Modified Mar 31, 2025

Description

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2014-3482
WEB https://github.com/rails/rails/commit/1f2192e46d78ee0ba2b06373f2c24caf8440ff5b
PACKAGE https://github.com/rails/rails
WEB https://groups.google.com/g/rubyonrails-security/c/wDxePLJGZdI
WEB http://openwall.com/lists/oss-security/2014/07/02/5
WEB http://rhn.redhat.com/errata/RHSA-2014-0876.html
WEB http://www.debian.org/security/2014/dsa-2982

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes