CVE-2014-3483 / OSVDB-108665
rails Critical
SQL Injection
Discovered over 5 years ago
Published over 6 years ago
Category: SQL Injection
Source: NIST NVD
Severity: Critical

Ruby on Rails contains a flaw that may allow carrying out an SQL injection attack. The issue is due to the PostgreSQL adapter for Active Record not properly sanitizing user-supplied input when quoting ranges. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

CVSS Metrics
Access Vector: Network
Access Complexity: Network
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial

Patched Versions

~> 4.0.7, >= 4.1.3

Unaffected Versions

< 4.0.0
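
The version constraints above can be checked against a project's Gemfile.lock. The following is an added example, not code from the advisory or from Rails; the sample lockfile is constructed, the function names are hypothetical, and treating a locked "pg" gem as a sign that the PostgreSQL adapter is in use is an assumption.

```ruby
require "rubygems"

# Constraints copied from this advisory's "Patched" and "Unaffected" sections.
PATCHED    = ["~> 4.0.7", ">= 4.1.3"].map { |r| Gem::Requirement.new(r) }
UNAFFECTED = ["< 4.0.0"].map { |r| Gem::Requirement.new(r) }

# Constructed sample Gemfile.lock (not taken from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      pg (0.17.1)
      rails (4.1.1)
        actionpack (= 4.1.1)
        activerecord (= 4.1.1)

  PLATFORMS
    ruby
LOCK

# Resolved gems sit at exactly four spaces of indent under "specs:";
# their dependency constraints are indented six and are skipped.
def locked_versions(lock_text)
  lock_text.each_line.with_object({}) do |line, gems|
    m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/) or next
    gems[m[1]] = m[2].split("-").first # drop a platform suffix if present
  end
end

# A version is exposed when it is neither unaffected nor patched.
def classify(version)
  v = Gem::Version.new(version)
  return :unaffected if UNAFFECTED.any? { |r| r.satisfied_by?(v) }
  return :patched    if PATCHED.any?    { |r| r.satisfied_by?(v) }
  :vulnerable
end

# Assumption: the "rails" gem is locked directly, and a locked "pg" gem is
# used as a hint that the PostgreSQL adapter is in play.
def audit_lockfile(lock_text, gem_name = "rails")
  gems = locked_versions(lock_text)
  version = gems[gem_name] or return nil
  { version: version, status: classify(version), postgres: gems.key?("pg") }
end

puts audit_lockfile(SAMPLE_LOCK).inspect if __FILE__ == $PROGRAM_NAME
```

Note that 4.1.0 through 4.1.2 are classified as vulnerable even though they are newer than 4.0.7, because "~> 4.0.7" only covers the 4.0.x line.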