Lucene search
K

6 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 3:21 a.m.3 views

SUSE CVE-2023-22794

A vulnerability in ActiveRecord 6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the annotate query method, the optimizerhints query method, or through the QueryLogs interface which automatically adds annotations, it may be sent t...

8.8CVSS6.7AI score0.02153EPSS
Exploits1References4
OSV
OSV
added 2023/02/09 8:15 p.m.2 views

UBUNTU-CVE-2023-22794

A vulnerability in ActiveRecord 6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the annotate query method, the optimizerhints query method, or through the QueryLogs interface which automatically adds annotations, it may be sent t...

8.8CVSS6.4AI score0.02153EPSS
Exploits1References4
GitLab Advisory Database
GitLab Advisory Database
added 2023/02/09 12:0 a.m.36 views

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

A vulnerability in ActiveRecord 6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the annotate query method, the optimizerhints query method, or through the QueryLogs interface which automatically adds annotations, it may be sent t...

8.8CVSS8.6AI score0.02153EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2023/01/18 6:20 p.m.27 views

GHSA-HQ7P-J377-6V63 SQL Injection Vulnerability via ActiveRecord comments

There is a possible vulnerability in ActiveRecord related to the sanitization of comments. This vulnerability has been assigned the CVE identifier CVE-2023-22794. Versions Affected: = 6.0.0 Not affected: All users running an affected release should either upgrade or use one of the workarounds...

8.8CVSS8.6AI score0.02153EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2023/01/18 6:20 p.m.42 views

SQL Injection Vulnerability via ActiveRecord comments

There is a possible vulnerability in ActiveRecord related to the sanitization of comments. This vulnerability has been assigned the CVE identifier CVE-2023-22794. Versions Affected: = 6.0.0 Not affected: All users running an affected release should either upgrade or use one of the workarounds...

8.8CVSS8.7AI score0.02153EPSS
Exploits1References8Affected Software1
RubySec
RubySec
added 2023/01/18 12:0 a.m.40 views

SQL Injection Vulnerability via ActiveRecord comments

There is a possible vulnerability in ActiveRecord related to the sanitization of comments. This vulnerability has been assigned the CVE identifier CVE-2023-22794. Versions Affected: = 6.0.0 Not affected: All users running an affected release should either upgrade or use one of the workarounds...

8.8CVSS8.6AI score0.02153EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder