Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2014-3482 - Vulnerability Database
Ruby on Rails

Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2014-3482

High
Reference: CVE-2014-3482
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2014-3482
Title: Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting.