Debian Linux Security Advisory 2982-1 - Sean Griffin discovered two vulnerabilities in the PostgreSQL adapter for Active Record which could lead to SQL injection.
331d4543cf61c142535437ee8da640bf5b3deac8ea9130d339f2b0c9876eec7b
Red Hat Security Advisory 2014-0876-01 - Ruby on Rails is a model-view-controller framework for web application development. Active Record implements object-relational mapping for accessing database entries using objects. It was discovered that Active Record did not properly quote values of the bitstring type attributes when using the PostgreSQL database adapter. A remote attacker could possibly use this flaw to conduct an SQL injection attack against applications using Active Record.
f57677e7ba5b10629d2aee1fecfe8a3b6070c6bb545710e941f202736bb41b04