A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the annotate query method, the optimizer_hints query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database with insufficient sanitization and be able to inject SQL outside of the comment.

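
An application-side guard for values that end up in a SQL comment, as an added example: this is not Rails code and not part of the advisory, and every helper name in it is hypothetical. It assumes the comment is rendered as `/* value */` and generalizes to any code path that builds such a comment from request data.

```ruby
# Added example; helper names are hypothetical, not ActiveRecord API.

# Allow-list for values that originate from a request: letters, digits and a
# few separators, bounded length. Neither "*" nor "/" can pass.
SAFE_TAG = /\A[A-Za-z0-9_.:\- ]{1,64}\z/

# Rewrite comment delimiters so a value can neither close nor open a comment.
# "*/" is handled first: after that pass no "/*/" can remain, so rewriting
# "/*" cannot create a new "*/".
def neutralize_comment_delimiters(value)
  text = value.to_s.dup
  text.gsub!("*/", "* /")
  text.gsub!("/*", "/ *")
  text
end

# Render the comment for a value. Strict mode rejects anything outside the
# allow-list; non-strict mode rewrites delimiters instead of rejecting.
def sql_comment_for(value, strict: true)
  if strict
    unless SAFE_TAG.match?(value.to_s)
      raise ArgumentError, "unsafe SQL comment value"
    end
    "/* #{value} */"
  else
    "/* #{neutralize_comment_delimiters(value)} */"
  end
end

# Invariant check for tests and code review: one opener at the start,
# one terminator at the end, nothing in between.
def single_comment?(comment)
  comment.start_with?("/*") && comment.end_with?("*/") &&
    comment.scan("/*").length == 1 && comment.scan("*/").length == 1
end
```
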
Author | Note |
---|---|
seth-arnold | In Oneiric-Saucy, rails package is just for transition; The rails package contains actual code from vivid onward |
discuss.rubyonrails.org/t/cve-2023-22794-sql-injection-vulnerability-via-activerecord-comments/82117
github.com/rails/rails/commit/048e9fc05e18c91838a44e60175e475de8b2aad5 (6-1-stable)
launchpad.net/bugs/cve/CVE-2023-22794
nvd.nist.gov/vuln/detail/CVE-2023-22794
security-tracker.debian.org/tracker/CVE-2023-22794
www.cve.org/CVERecord?id=CVE-2023-22794