CVE-2014-0080

Description

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns.

Risk Information

Base Score: 9.8 MODERATE
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.248

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2014-0080 are fixed in Ruby-activerecord 4.0.3 | Windows
Vulnerabilities CVE-2014-0080 are fixed in Ruby-activerecord 4.1.0 | Windows
Vulnerabilities CVE-2014-0080 are fixed in Ruby-activerecord for Linux 4.0.3 | Linux
Vulnerabilities CVE-2014-0080 are fixed in Ruby-activerecord for Linux 4.1.0 | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234