EUVD-2017-0334

Malware in sbrugna...

EUVD-2017-0183

Malware in sbrugna...

Active Record component in Ruby on Rails has a data-type injection vulnerability

The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attack...

GHSA-M8H6-M9P5-P2F8 Moderate severity vulnerability that affects activerecord

Withdrawn, accidental duplicate publish. Active Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions a...

CVE-2013-1854

The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method...