History: Jul 14, 2014 - 12:00 a.m.

(RHSA-2014:0877) Moderate: ror40-rubygem-activerecord security update

2014-07-14 00:00:00
access.redhat.com
EPSS: 0.009
Percentile: 82.6%

Ruby on Rails is a model-view-controller (MVC) framework for web
application development. Active Record implements object-relational mapping
for accessing database entries using objects.

It was discovered that Active Record did not properly quote values of the
range type attributes when using the PostgreSQL database adapter. A remote
attacker could possibly use this flaw to conduct an SQL injection attack
against applications using Active Record. (CVE-2014-3483)
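
The class of flaw described above, as a simplified model added here for illustration; it is not Active Record's code or the backported patch. The helper names (`range_to_text`, `quote_range_unsafe`, `quote_range_safe`, `single_literal?`) and the sample bounds are constructed, and the check assumes PostgreSQL's `standard_conforming_strings` is on, so only a single quote can end a string literal.

```ruby
# Simplified model of quoting a Ruby Range as a PostgreSQL range literal.
# Helper names are hypothetical; this is not Active Record's code.

# Standard SQL escaping: double every embedded single quote.
def quote_string(text)
  text.gsub("'", "''")
end

# Text form of a range: "[lower,upper]", or "[lower,upper)" when the end is excluded.
def range_to_text(range)
  "[#{range.begin},#{range.end}#{range.exclude_end? ? ')' : ']'}"
end

# Flawed form: the range text is wrapped in quotes but never escaped,
# so a quote inside a bound ends the literal early.
def quote_range_unsafe(range, sql_type)
  "'#{range_to_text(range)}'::#{sql_type}"
end

# Hardened form: escape the range text first, then wrap and cast it.
def quote_range_safe(range, sql_type)
  "'#{quote_string(range_to_text(range))}'::#{sql_type}"
end

# True when the fragment is exactly one string literal followed by a cast,
# which is what a correctly quoted range value must look like.
def single_literal?(fragment)
  fragment.match?(/\A'(?:[^']|'')*'::\w+\z/)
end

# Constructed sample: bounds arrive as strings, one carrying a stray apostrophe.
SAMPLE = ("2014-01-01".."2014-07-14'x")

[:quote_range_unsafe, :quote_range_safe].each do |quoter|
  sql = send(quoter, SAMPLE, "daterange")
  puts format("%-20s %-45s single literal: %s", quoter, sql, single_literal?(sql))
end
```

A check like `single_literal?` fits in a regression test for any custom quoting helper: every value the helper emits should parse as one literal, whatever characters the bounds contain.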

Red Hat would like to thank the Ruby on Rails project for reporting this
issue. Upstream acknowledges Sean Griffin of thoughtbot as the original
reporter.

All ror40-rubygem-activerecord users are advised to upgrade to these
updated packages, which contain a backported patch to correct this issue.