CVE-2014-3483
PUBLISHED
CVSS 7.5 HIGH
Active Record contains SQL Injection via improper range quoting
EPSS 0.92% · 76.4th percentile
Risk Scores
- CVSS 2.0: 7.5
- EPSS Score: 0.92% (76.4th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| rubyonrails | rails | 4.0.0, 4.0.0, 4.0.0 |
| RubyGems | activerecord | 4.1.0, 4.0.0 |
Exploit Intelligence
- RHSA-2014:0877 (circl)
- 59971 (circl)
- [oss-security] 20140702 [CVE-2014-3482] [CVE-2014-3483] Ruby on Rails: Two Active Record SQL Injection Vulnerabilities Affecting PostgreSQL (circl)
- [rubyonrails-security] 20140702 [CVE-2014-3482] [CVE-2014-3483] Two Active Record SQL Injection Vulnerabilities Affecting PostgreSQL (circl)
- 60214 (circl)
- DSA-2982 (circl)
- 68341 (circl)
- Active Record SQL Injection Vulnerability Affecting PostgreSQL (hackerone)
- .bundler-audit.yml (github-poc)
…and 24 more exploits
Timeline
- Jul 2, 2014 PoC Published
- Jul 7, 2014 CVE Published
- Aug 8, 2019 CVE Updated
- Feb 4, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
- Oct 29, 2023 EPSS Score
- Feb 12, 2024 EPSS Score
References
- RHSA-2014:0877 vendor-advisory
- 59971 third-party-advisory
- [oss-security] 20140702 [CVE-2014-3482] [CVE-2014-3483] Ruby on Rails: Two Active Record SQL Injection Vulnerabilities Affecting PostgreSQL mailing-list
- [rubyonrails-security] 20140702 [CVE-2014-3482] [CVE-2014-3483] Two Active Record SQL Injection Vulnerabilities Affecting PostgreSQL mailing-list
- 60214 third-party-advisory
- DSA-2982 vendor-advisory
- 68341 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2014-3483 advisory
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3483.yml url
- https://web.archive.org/web/20200228150648/http://www.securityfocus.com/bid/68341 url