CVE-2014-3483

Related Files

Debian Security Advisory 2982-1

Posted Jul 21, 2014

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2982-1 - Sean Griffin discovered two vulnerabilities in the PostgreSQL adapter for Active Record which could lead to SQL injection.

tags | advisory, vulnerability, sql injection

systems | linux, debian

advisories | CVE-2014-3482, CVE-2014-3483

SHA-256 | 331d4543cf61c142535437ee8da640bf5b3deac8ea9130d339f2b0c9876eec7b

Download | Favorite | View

Red Hat Security Advisory 2014-0877-01

Posted Jul 14, 2014

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0877-01 - Ruby on Rails is a model-view-controller framework for web application development. Active Record implements object-relational mapping for accessing database entries using objects. It was discovered that Active Record did not properly quote values of the range type attributes when using the PostgreSQL database adapter. A remote attacker could possibly use this flaw to conduct an SQL injection attack against applications using Active Record.

tags | advisory, remote, web, sql injection, ruby

systems | linux, redhat

advisories | CVE-2014-3483

SHA-256 | 90ac7dc20576244d2f92e5c7b1aab4d10b2d6919daa14d042e018226239ab840

Download | Favorite | View