Lucene search

K
ubuntucveUbuntu.comUB:CVE-2014-3483
HistoryJul 07, 2014 - 12:00 a.m.

CVE-2014-3483

2014-07-0700:00:00
ubuntu.com
ubuntu.com
16

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.009

Percentile

82.6%

SQL injection vulnerability in
activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in
the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7
and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL
commands by leveraging improper range quoting.

Notes

Author Note
seth-arnold in Oneiric-Saucy, rails package is just for transition

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.009

Percentile

82.6%