Lucene search

K
osvGoogleOSV:GHSA-R8FH-HQ2P-7QHQ
HistoryOct 24, 2017 - 6:33 p.m.

Active Record contains SQL Injection via improper range quoting

2017-10-2418:33:36
Google
osv.dev
9

EPSS

0.009

Percentile

82.6%

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting.