Debian Linux Security Advisory 2982-1 - Sean Griffin discovered two vulnerabilities in the PostgreSQL adapter for Active Record which could lead to SQL injection.
331d4543cf61c142535437ee8da640bf5b3deac8ea9130d339f2b0c9876eec7b
Red Hat Security Advisory 2014-0877-01 - Ruby on Rails is a model-view-controller framework for web application development. Active Record implements object-relational mapping for accessing database entries using objects. It was discovered that Active Record did not properly quote values of the range type attributes when using the PostgreSQL database adapter. A remote attacker could possibly use this flaw to conduct an SQL injection attack against applications using Active Record.
90ac7dc20576244d2f92e5c7b1aab4d10b2d6919daa14d042e018226239ab840