| CVE-2023-22794 |
high |
— |
8.0 |
|
|
|
3y ago |
A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints`… |
| CVE-2022-44566 |
high |
— |
8.0 |
|
|
|
3y ago |
A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connectio… |
| CVE-2012-2695 |
high |
— |
7.5 |
|
|
|
9y ago |
activerecord vulnerable to SQL Injection |
| CVE-2011-0448 |
high |
— |
7.5 |
|
|
|
9y ago |
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-num… |
| CVE-2011-2930 |
high |
— |
7.5 |
|
|
|
9y ago |
Multiple SQL injection vulnerabilities in the quote_table_name method in the ActiveRecord adapters in activerecord/lib/active_record/connection_adapters/ in Ruby on Rails before 2.3.13, 3.0.x before … |
| CVE-2016-6317 |
high |
7.5 |
7.5 |
|
|
|
10y ago |
Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote a… |
| CVE-2014-3514 |
high |
— |
7.5 |
|
|
|
12y ago |
activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection… |
| CVE-2014-3483 |
high |
— |
7.5 |
|
|
|
12y ago |
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before … |
| CVE-2014-3482 |
high |
— |
7.5 |
|
|
|
12y ago |
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows r… |
| CVE-2012-6496 |
high |
— |
7.5 |
|
|
|
14y ago |
SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a … |
