VDB
GCVE-110-MAGEIA-2014-191
GCVE-110-MAGEIA-2014-191
Advisory Published
Updated ruby-activerecord and ruby-actionpack packages fix security
vulnerabilities:
There is a data injection vulnerability in Active Record. Specially crafted
strings can be used to save data in PostgreSQL array columns that may not be
intended (CVE-2014-0080).
There is an XSS vulnerability in the number_to_currency, number_to_percentage
and number_to_human helpers in Ruby on Rails (CVE-2014-0081).
The associated packages have been updated to version 4.0.3 to fix these
issues.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | kmod-vboxadditions | 0 (affected), 4.3.18-3.mga4 (unaffected) | — |
| Mageia | ruby-actionmailer | 0 (affected), 4.0.3-1.mga4 (unaffected), 0 (affected), 4.0.3-1.mga4 (unaffected) | — |
| Mageia | ruby-activemodel | 0 (affected), 4.0.3-1.mga4 (unaffected), 4.0.3-1.mga4 (unaffected), 0 (affected) | — |
| Mageia | ruby-rails | 0 (affected), 4.0.3-1.mga4 (unaffected), 4.0.3-1.mga4 (unaffected), 0 (affected) | — |
| Mageia | ruby-actionpack | 0 (affected), 4.0.3-1.mga4 (unaffected), 0 (affected), 4.0.3-1.mga4 (unaffected) | — |
| Mageia | kmod-vboxadditions | 4.3.18-2.mga3 (unaffected), 0 (affected) | — |
| Mageia | kmod-virtualbox | 0 (affected), 4.3.18-3.mga4 (unaffected) | — |
| Mageia | virtualbox | 0 (affected), 4.3.18-1.mga4 (unaffected) | — |
| Mageia | ruby-railties | 4.0.3-1.mga4 (unaffected), 0 (affected), 4.0.3-1.mga4 (unaffected), 0 (affected) | — |
| Mageia | virtualbox | 0 (affected), 4.3.18-1.mga3 (unaffected) | — |
| Mageia | ruby-activerecord | 0 (affected), 4.0.3-1.mga4 (unaffected), 0 (affected), 4.0.3-1.mga4 (unaffected) | — |
| Mageia | ruby-activesupport | 4.0.3-1.mga4 (unaffected), 0 (affected), 4.0.3-1.mga4 (unaffected), 0 (affected) | — |
| Mageia | kmod-virtualbox | 0 (affected), 4.3.18-2.mga3 (unaffected) | — |
Aliases
References
Browse GCVE Records
73,443 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.