CVE-2023-22794

2023-02-0920:15:11

CWE-89

[email protected]

web.nvd.nist.gov

vulnerability

activerecord

sanitization

comments

cve-2023-22794

sql injection

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.7%

JSON

A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the annotate query method, the optimizer_hints query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database withinsufficient sanitization and be able to inject SQL outside of the comment.

Affected configurations

NVD

Node

activerecord_projectactiverecordRange6.0.0–6.0.6.1ruby

activerecord_projectactiverecordRange6.1.0–6.1.7.1ruby

activerecord_projectactiverecordRange7.0.0–7.0.4.1ruby

CPENameOperatorVersion
activerecord_project:activerecordactiverecord project activerecordlt6.0.6.1
activerecord_project:activerecordactiverecord project activerecordlt6.1.7.1
activerecord_project:activerecordactiverecord project activerecordlt7.0.4.1

CPE	Name	Operator	Version
activerecord_project:activerecord	activerecord project activerecord	lt	6.0.6.1
activerecord_project:activerecord	activerecord project activerecord	lt	6.1.7.1
activerecord_project:activerecord	activerecord project activerecord	lt	7.0.4.1

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "https://github.com/rails/rails",
    "versions": [
      {
        "version": "6.0.6.1, 6.1.7.1, 7.0.4.1",
        "status": "affected"
      }
    ]
  }
]