CVE-2023-22794

🗓️ 09 Feb 2023 20:11:15Reported by hackeroneType

A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments

Reporter	Title	Published	Views	Family All 25
RedhatCVE	CVE-2023-22794	26 Jan 202314:05	–	redhatcve
GitLab Advisory Database	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')	9 Feb 202300:00	–	gitlab
OSV	CVE-2023-22794	9 Feb 202320:15	–	osv
OSV	SQL Injection Vulnerability via ActiveRecord comments	18 Jan 202318:20	–	osv
OSV	OPENSUSE-SU-2024:12766-1 ruby3.1-rubygem-activerecord-7.0-7.0.4.1-1.1 on GA media	15 Jun 202400:00	–	osv
OSV	OPENSUSE-SU-2024:14069-1 ruby3.3-rubygem-activerecord-7.0-7.0.8.4-1.1 on GA media	24 Jun 202400:00	–	osv
OSV	rails - security update	13 Mar 202300:00	–	osv
OSV	RHSA-2023:6818 Red Hat Security Advisory: Satellite 6.14 security and bug fix update	2 Oct 202411:32	–	osv
Veracode	SQL Injection	25 Jan 202304:39	–	veracode
NVD	CVE-2023-22794	9 Feb 202320:15	–	nvd

Nvd

Vulners

Node

activerecord_project activerecordRange6.0.0–6.0.6.1ruby

activerecord_project activerecordRange6.1.0–6.1.7.1ruby

activerecord_project activerecordRange7.0.0–7.0.4.1ruby

[
  {
    "vendor": "n/a",
    "product": "https://github.com/rails/rails",
    "versions": [
      {
        "version": "6.0.6.1, 6.1.7.1, 7.0.4.1",
        "status": "affected"
      }
    ]
  }
]

Source	Link
security	www.security.netapp.com/advisory/ntap-20240202-0008/
discuss	www.discuss.rubyonrails.org/t/cve-2023-22794-sql-injection-vulnerability-via-activerecord-comments/82117
debian	www.debian.org/security/2023/dsa-5372

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

09 Feb 2023 20:15Current

8.6High risk

Vulners AI Score8.6

CVSS38.8

EPSS0.00268

CWE-89