CVE-2014-3482

Related Files

Debian Security Advisory 2982-1

Posted Jul 21, 2014

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2982-1 - Sean Griffin discovered two vulnerabilities in the PostgreSQL adapter for Active Record which could lead to SQL injection.

tags | advisory, vulnerability, sql injection

systems | linux, debian

advisories | CVE-2014-3482, CVE-2014-3483

SHA-256 | 331d4543cf61c142535437ee8da640bf5b3deac8ea9130d339f2b0c9876eec7b

Download | Favorite | View

Red Hat Security Advisory 2014-0876-01

Posted Jul 14, 2014

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0876-01 - Ruby on Rails is a model-view-controller framework for web application development. Active Record implements object-relational mapping for accessing database entries using objects. It was discovered that Active Record did not properly quote values of the bitstring type attributes when using the PostgreSQL database adapter. A remote attacker could possibly use this flaw to conduct an SQL injection attack against applications using Active Record.

tags | advisory, remote, web, sql injection, ruby

systems | linux, redhat

advisories | CVE-2014-3482

SHA-256 | f57677e7ba5b10629d2aee1fecfe8a3b6070c6bb545710e941f202736bb41b04

Download | Favorite | View