DEBIAN-CVE-2023-22794

DEBIAN-CVE-2023-22794 PUBLISHED CVSS 8.800000190734863 HIGH

A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database withinsufficient sanitization and be able to inject SQL outside of the comment.

Risk Scores

CVSS v3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:13	rails	0, 0, 0
Debian:12	rails	0, 0, 0
Debian:14	rails	0, 0, 0
Debian:11	rails	0, 0, 6.0.3.7+dfsg

Timeline

Feb 9, 2023 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2023-22794 advisory

Open in Interactive Console →