CVE-2014-3482
Ruby on Rails 2.x and 3.x - SQL Injection via PostgreSQL Bitstring Quoting
Title source: llmDescription
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting.
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/68343
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/59973
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2014/07/02/5
Mailing List mailing-list
x_refsource_mlist
https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/60214
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/60763
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-2982
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0876.html
Scores
EPSS
0.0153
EPSS Percentile
81.5%
Details
CWE
CWE-89
Status
published
Products (34)
rubygems/activerecord
2.0.0 - 3.2.19RubyGems
rubyonrails/rails
2.0.0 (3 CPE variants)
rubyonrails/rails
2.0.1
rubyonrails/rails
2.0.2
rubyonrails/rails
2.0.4
rubyonrails/rails
2.1.0
rubyonrails/rails
2.1.1
rubyonrails/rails
2.1.2
rubyonrails/rails
2.2.0
rubyonrails/rails
2.2.1
... and 24 more
Published
Jul 07, 2014
Tracked Since
Feb 18, 2026