Lucene search
GoogleOSV:CVE-2023-22794HistoryFeb 09, 2023 - 8:15 p.m.
CVE-2023-22794
2023-02-0920:15:11
Google
osv.dev
3
A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the annotate query method, the optimizer_hints query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database withinsufficient sanitization and be able to inject SQL outside of the comment.
Related
veracode
veracode
SQL Injection
2023-01-25 04:39:20
redhatcve
redhatcve
CVE-2023-22794
2023-01-26 14:05:25
gitlab
gitlab
prion
prion
Design/Logic Flaw
2023-02-09 20:15:00
cvelist
cvelist
CVE-2023-22794
2023-02-09 00:00:00
github
github
SQL Injection Vulnerability via ActiveRecord comments
2023-01-18 18:20:19
debiancve
debiancve
CVE-2023-22794
2023-02-09 20:15:11
cve
cve
CVE-2023-22794
2023-02-09 20:15:11
ubuntucve
ubuntucve
CVE-2023-22794
2023-02-09 00:00:00
osv
osv
SQL Injection Vulnerability via ActiveRecord comments
2023-01-18 18:20:19
rails - security update
2023-03-13 00:00:00
rubygems
rubygems
SQL Injection Vulnerability via ActiveRecord comments
2023-01-17 21:00:00
nessus
nessus
Debian DSA-5372-1 : rails - security update
2023-03-14 00:00:00
Rocky Linux 8 : Satellite 6.14 (RLSA-2023:6818)
2023-11-11 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5372-1)
2023-03-14 00:00:00
debian
debian
[SECURITY] [DSA 5372-1] rails security update
2023-03-13 03:06:47
rocky
rocky
Satellite 6.14 security and bug fix update
2023-11-11 22:58:57
redhat
redhat
(RHSA-2023:6818) Important: Satellite 6.14 security and bug fix update
2023-11-08 14:10:25