PT-2023-6422 · Unknown+3 · Active Record+3

Hmac · Published 2023-01-18 · Updated 2025-09-29 · CVE-2023-22794

CVSS v2.0: 9.0 (High) · Vector AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: ActiveRecord versions 6.0.0 through 6.0.6, versions 6.1.0 through 6.1.7, and versions 7.0.0 through 7.0.4.

Description: A vulnerability in ActiveRecord is related to the sanitization of SQL comments. If malicious user input is passed to the annotate query method, the optimizer_hints query method, or through the QueryLogs interface, an attacker may be able to inject SQL outside of the comment. This could potentially lead to the execution of arbitrary code. Users should avoid passing user input to these methods.

Recommendations: For versions 6.0.0 through 6.0.6, upgrade to version 6.0.6.1 or apply the patch 6-0-Make-sanitize_as_sql_comment-more-strict.patch. For versions 6.1.0 through 6.1.7, upgrade to version 6.1.7.1 or apply the patch 6-1-Make-sanitize_as_sql_comment-more-strict.patch. For versions 7.0.0 through 7.0.4, upgrade to version 7.0.4.1 or apply the patch 7-0-Make-sanitize_as_sql_comment-more-strict.patch. As a temporary workaround, avoid passing user input to the annotate and optimizer_hints query methods, and restrict QueryLogs configuration that can include user input.
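The description above comes down to one point: a value embedded in a SQL comment must not be able to close that comment. Deleting "/*" and "*/" in a single pass is not sufficient, because removing an inner match can leave its neighbours forming a new delimiter. The following added example (written for this page; not ActiveRecord's own sanitize_as_sql_comment, whose names and behaviour are only assumed here) shows the approach a defender wants: break every delimiter by inserting a space instead of deleting it, then verify the result before it reaches annotate or optimizer_hints.

```ruby
# Added example, not Rails code. Neutralize comment delimiters in a value that
# will be placed inside a "/* ... */" SQL comment (annotate, optimizer_hints,
# QueryLogs tags). Replacing rather than deleting guarantees that no "*/" or
# "/*" can be re-formed from the characters around a removed match.
def neutralize_sql_comment(value)
  comment = value.to_s.dup
  # Callers sometimes pass a fully formed hint ("/*+ ... */"); strip that
  # outer wrapper so it does not get doubled by the caller below.
  comment = comment.sub(%r{\A\s*/\*\+?\s?}, "").sub(%r{\s?\*/\s*\z}, "")
  # Two passes suffice, but looping until stable makes the invariant explicit:
  # every "*/" and "/*" is broken by a space, and spaces never create a new one.
  loop do
    before = comment.dup
    comment = comment.gsub("*/", "* /").gsub("/*", "/ *")
    break if comment == before
  end
  comment
end

# Post-condition check a defender can assert on before any interpolation.
def safe_sql_comment?(value)
  !value.include?("*/") && !value.include?("/*")
end

# Hypothetical stand-in for what annotate does: append the value as a comment.
def annotate_sql(sql, comment)
  neutralized = neutralize_sql_comment(comment)
  raise ArgumentError, "unsafe comment" unless safe_sql_comment?(neutralized)
  "#{sql} /* #{neutralized} */"
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: a benign hint and two values containing delimiters.
  ["/*+ INDEX(users idx) */", "a */ SELECT 1 /* b", "**//"].each do |input|
    puts annotate_sql("SELECT id FROM users", input)
  end
end
```

The check in annotate_sql is the part worth keeping: whatever sanitizer is in use, asserting that the neutralized value still contains no delimiter sequence turns a silent bypass into a hard failure at the point where user input meets SQL.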

Tags: Exploit · Fix · SQL injection


Weakness Enumeration

Related Identifiers

ALSA-2025_16880
ALT-PU-2023-1336
ALT-PU-2023-4268
ALT-PU-2024-7814
BDU:2023-07138
CVE-2023-22794
DSA-5372-1
GHSA-HQ7P-J377-6V63
OESA-2023-1132
OESA-2023-1133
OPENSUSE-SU-2024:12766-1
OPENSUSE-SU-2024:14069-1
OPENSUSE-SU-2025:15112-1
RHSA-2023:6818
RLSA-2023:6818
RLSA-2023_6818

Affected Products

Alt Linux
Active Record
Red Os
Rocky Linux