Description

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns.

Remediation

References

CVE-2014-0080

Related Vulnerabilities

e107 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-0997)

WordPress Plugin Safe Redirect Manager SQL Injection (1.7.7)

Drupal Core 8.5.x Multiple Vulnerabilities (8.5.0 - 8.5.14)

WordPress Plugin Autopilot SEO for WooCommerce Security Bypass (1.5.1)

PHP Uncontrolled Resource Consumption Vulnerability (CVE-2017-11142)

Severity

Medium

Classification

CVE-2014-0080 CWE-138

Tags

Missing Update Known Vulnerabilities