Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2014-3482 - Vulnerability Database

Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2014-3482

High
Reference: CVE-2014-3482
Title: Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting.