EUVD-2017-0243
Malware in sbrugna...
DEBIAN-CVE-2023-22794
A vulnerability in ActiveRecord < 6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the annotate query method, the optimizer_hints query method, or through the QueryLogs interface which automatically adds annotations, it may be sent t...
CVE-2022-44566
A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter < 7.0.4.1 and < 6.1.7.1. When a value outside the range for a 64-bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric...
PT-2023-6422 · Unknown +3 · Active Record +3
Name of the Vulnerable Software and Affected Versions: ActiveRecord versions 6.0.0 through 6.0.6, versions 6.1.0 through 6.1.7, and versions 7.0.0 through 7.0.4 Description: A vulnerability in ActiveRecord is related to the sanitization of comments, which may allow an attacker to inject SQL outsi...
Security update for rubygem-activerecord-5.2 (important)
openSUSE Security Update: Security update for rubygem-activerecord-5.2 Announcement ID: openSUSE-SU-2023:0009-1 Rating: important References: 1201465 Cross-References: CVE-2022-32224 CVSS scores: CVE-2022-32224 NVD : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-32224 SUSE: 7...
Remote Code Execution (RCE)
Overview activerecord is a library for databases on Rails. Affected versions of this package are vulnerable to Remote Code Execution (RCE). When serialized columns that use YAML (the default) are deserialized, Rails uses YAML.unsafe_load to convert the YAML data into Ruby objects. If an attacker can...
CVE-2013-0276
ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request...