CVE-2014-3483
07.07.2014, 11:01
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting.
| Vendor | Product | Version |
|---|---|---|
| rubyonrails | rails | 4.0.0 |
| rubyonrails | rails | 4.0.0:beta |
| rubyonrails | rails | 4.0.0:rc1 |
| rubyonrails | rails | 4.0.0:rc2 |
| rubyonrails | rails | 4.0.1 |
| rubyonrails | rails | 4.0.1:rc1 |
| rubyonrails | rails | 4.0.1:rc2 |
| rubyonrails | rails | 4.0.1:rc3 |
| rubyonrails | rails | 4.0.1:rc4 |
| rubyonrails | rails | 4.0.2 |
| rubyonrails | rails | 4.0.3 |
| rubyonrails | rails | 4.0.4 |
| rubyonrails | rails | 4.0.5 |
| rubyonrails | rails | 4.0.6 |
| rubyonrails | rails | 4.0.6:rc1 |
| rubyonrails | rails | 4.0.6:rc2 |
| rubyonrails | rails | 4.0.6:rc3 |
| rubyonrails | rails | 4.1.0 |
| rubyonrails | rails | 4.1.0:beta1 |
| rubyonrails | rails | 4.1.1 |
| rubyonrails | rails | 4.1.2 |
| rubyonrails | rails | 4.1.2:rc1 |
| rubyonrails | rails | 4.1.2:rc2 |
| rubyonrails | rails | 4.1.2:rc3 |
Debian Releases
Ubuntu Releases
| Ubuntu Product |
|---|
| rails |
| rails-3.2 |
| rails-4.0 |
| ruby-activerecord-2.3 |
| ruby-activerecord-3.2 |
| ruby-rails-2.3 |
| ruby-rails-3.2 |
References