| CVE-2023-22794 |
high |
— |
8.0 |
|
|
|
3y ago |
A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints`… |
| CVE-2022-44566 |
high |
— |
8.0 |
|
|
|
3y ago |
A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connectio… |
| CVE-2011-0448 |
high |
— |
7.5 |
|
|
|
9y ago |
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-num… |
| CVE-2011-2930 |
high |
— |
7.5 |
|
|
|
9y ago |
Multiple SQL injection vulnerabilities in the quote_table_name method in the ActiveRecord adapters in activerecord/lib/active_record/connection_adapters/ in Ruby on Rails before 2.3.13, 3.0.x before … |
| CVE-2012-2695 |
high |
— |
7.5 |
|
|
|
9y ago |
activerecord vulnerable to SQL Injection |
| CVE-2016-6317 |
high |
7.5 |
7.5 |
|
|
|
10y ago |
Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote a… |
| CVE-2014-3514 |
high |
— |
7.5 |
|
|
|
12y ago |
activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection… |
| CVE-2014-3483 |
high |
— |
7.5 |
|
|
|
12y ago |
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before … |
| CVE-2014-3482 |
high |
— |
7.5 |
|
|
|
12y ago |
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows r… |
| CVE-2012-6496 |
high |
— |
7.5 |
|
|
|
14y ago |
SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a … |
| CVE-2014-0080 |
medium |
— |
6.8 |
|
|
|
13y ago |
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, al… |
| CVE-2010-3933 |
medium |
— |
6.4 |
|
|
|
9y ago |
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs. |
| CVE-2012-2660 |
medium |
— |
6.4 |
|
|
|
9y ago |
Action Pack contains database-query restrictions bypass |
| CVE-2013-3221 |
medium |
— |
6.4 |
|
|
|
13y ago |
The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored value… |
| CVE-2013-0155 |
medium |
— |
6.4 |
|
|
|
14y ago |
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implement… |
| CVE-2015-7577 |
medium |
5.3 |
5.3 |
|
|
|
11y ago |
activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta… |
| CVE-2013-1854 |
medium |
— |
5.0 |
|
|
|
13y ago |
The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attack… |
| CVE-2012-2661 |
medium |
— |
5.0 |
|
|
|
14y ago |
The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveReco… |
| CVE-2013-0276 |
medium |
— |
4.3 |
|
|
|
14y ago |
ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attribut… |
