CVE-2014-3482 in Ruby on Railsinfo

Summary

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

05/14/2014

Disclosure

07/07/2014

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
66978Ruby on Rails bitstring Query postgresql_adapter.rb sql injection89HighOfficial fixCVE-2014-3482

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!