11 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-22794
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in ActiveRecord 6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the annotate...
ruby3.4-rubygem-activerecord-7.0-7.0.8.6-1.3 on GA media (moderate)
ruby3.4-rubygem-activerecord-7.0-7.0.8.6-1.3 on GA media Announcement ID: openSUSE-SU-2025:15112-1 Rating: moderate Cross-References: CVE-2022-32224 CVE-2022-44566 CVE-2023-22794 CVE-2023-38037 CVSS scores: CVE-2022-32224 SUSE : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-44566 SUSE :...
[SECURITY] [DSA 5372-1] rails security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5372-1 [email protected] https://www.debian.org/security/ Aron Xu March 13, 2023 https://www.debian.org/security/faq - -------------------------------------------------------------------------...
OESA-2023-1132 rubygem-activerecord security update
Implements the ActiveRecord pattern Fowler, PoEAA for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL. Security Fixes: A denial of service vulnerability present in...
CVE-2023-22794
A vulnerability in ActiveRecord 6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the annotate query method, the optimizerhints query method, or through the QueryLogs interface which automatically adds annotations, it may be sent t...
CVE-2023-22794
A vulnerability in ActiveRecord 6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the annotate query method, the optimizerhints query method, or through the QueryLogs interface which automatically adds annotations, it may be sent t...
CVE-2023-22794
CVE-2023-22794 affects ActiveRecord versions
Fedora 38 : rubygem-actioncable / rubygem-actionmailbox / rubygem-actionmailer / etc (2023-f60cca0686)
The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-f60cca0686 advisory. Upgrade to Ruby on Rails 7.0.4.2. Fixes numerous CVEs: https://rubyonrails.org/2023/1/17/Rails- Versions-6-0-6-1-6-1-7-1-7-0-4-1-have-been-released...
GHSA-HQ7P-J377-6V63 SQL Injection Vulnerability via ActiveRecord comments
There is a possible vulnerability in ActiveRecord related to the sanitization of comments. This vulnerability has been assigned the CVE identifier CVE-2023-22794. Versions Affected: = 6.0.0 Not affected: All users running an affected release should either upgrade or use one of the workarounds...
SQL Injection Vulnerability via ActiveRecord comments
There is a possible vulnerability in ActiveRecord related to the sanitization of comments. This vulnerability has been assigned the CVE identifier CVE-2023-22794. Versions Affected: = 6.0.0 Not affected: All users running an affected release should either upgrade or use one of the workarounds...
SQL Injection Vulnerability via ActiveRecord comments
There is a possible vulnerability in ActiveRecord related to the sanitization of comments. This vulnerability has been assigned the CVE identifier CVE-2023-22794. Versions Affected: = 6.0.0 Not affected: All users running an affected release should either upgrade or use one of the workarounds...