PT-2014-5351 · Ruby+1 · Active Record+2

Published: 2014-07-07 · Updated: 2019-08-08 · CVE-2014-3483

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Ruby on Rails versions 4.0.0 through 4.0.6
Ruby on Rails versions 4.1.0 through 4.1.2

Description

A SQL injection vulnerability in the PostgreSQL adapter for Active Record allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting.

Recommendations

For Ruby on Rails versions 4.0.0 through 4.0.6, update to version 4.0.7 or later.
For Ruby on Rails versions 4.1.0 through 4.1.2, update to version 4.1.3 or later.

Exploit

Fix

RCE

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2014-3483
DSA-2982-1
GHSA-R8FH-HQ2P-7QHQ
MGASA-2014-0303
RHSA-2014:0877

Affected Products

Active Record
PostgreSQL
Ruby on Rails