Lucene search

activerecord vulnerable to SQL Injection

🗓️ 24 Oct 2017 18:38:33Reported by GitHub Advisory DatabaseType

activerecord SQL injection vulnerabilities in Ruby on Rail

Reporter	Title	Published	Views	Family All 53
Debian CVE	CVE-2011-2930	29 Aug 201118:55	–	debiancve
GitLab Advisory Database	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')	24 Oct 201700:00	–	gitlab
OSV	activerecord vulnerable to SQL Injection	24 Oct 201718:33	–	osv
OSV	rails - several	23 Jan 201200:00	–	osv
OSV	rails - several	23 Jan 201200:00	–	osv
Prion	Sql injection	29 Aug 201118:55	–	prion
CVE	CVE-2011-2930	29 Aug 201118:55	–	cve
RubySec	SQL Injection Vulnerability in quote_table_name in rails/activerecord	23 Oct 201721:00	–	rubygems
UbuntuCve	CVE-2011-2930	29 Aug 201100:00	–	ubuntucve
Cvelist	CVE-2011-2930	29 Aug 201118:00	–	cvelist

Vulners

Node

activerecord_project activerecordRange3.0.0–3.0.10

activerecord_project activerecordRange2.0.0–2.3.13

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2011-2930
github	www.github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
groups	www.groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30
lists	www.lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
weblog	www.weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
debian	www.debian.org/security/2011/dsa-2301
openwall	www.openwall.com/lists/oss-security/2011/08/17/1
openwall	www.openwall.com/lists/oss-security/2011/08/19/11
openwall	www.openwall.com/lists/oss-security/2011/08/20/1

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

24 Oct 2017 18:33Current

8.1High risk

Vulners AI Score8.1

CVSS27.5

EPSS0.004

CWE-89