VDB

GCVE-110-MAGEIA-2014-191

GCVE-110-MAGEIA-2014-191
Advisory Published
Vulnetix · Advisory published April 24, 2014
Updated ruby-activerecord and ruby-actionpack packages fix security vulnerabilities: There is a data injection vulnerability in Active Record. Specially crafted strings can be used to save data in PostgreSQL array columns that may not be intended (CVE-2014-0080). There is an XSS vulnerability in the number_to_currency, number_to_percentage and number_to_human helpers in Ruby on Rails (CVE-2014-0081). The associated packages have been updated to version 4.0.3 to fix these issues.

Affected Products

VendorProductVersionsPlatforms
Mageiakmod-vboxadditions0 (affected), 4.3.18-3.mga4 (unaffected)
Mageiaruby-actionmailer0 (affected), 4.0.3-1.mga4 (unaffected), 0 (affected), 4.0.3-1.mga4 (unaffected)
Mageiaruby-activemodel0 (affected), 4.0.3-1.mga4 (unaffected), 4.0.3-1.mga4 (unaffected), 0 (affected)
Mageiaruby-rails0 (affected), 4.0.3-1.mga4 (unaffected), 4.0.3-1.mga4 (unaffected), 0 (affected)
Mageiaruby-actionpack0 (affected), 4.0.3-1.mga4 (unaffected), 0 (affected), 4.0.3-1.mga4 (unaffected)
Mageiakmod-vboxadditions4.3.18-2.mga3 (unaffected), 0 (affected)
Mageiakmod-virtualbox0 (affected), 4.3.18-3.mga4 (unaffected)
Mageiavirtualbox0 (affected), 4.3.18-1.mga4 (unaffected)
Mageiaruby-railties4.0.3-1.mga4 (unaffected), 0 (affected), 4.0.3-1.mga4 (unaffected), 0 (affected)
Mageiavirtualbox0 (affected), 4.3.18-1.mga3 (unaffected)
Mageiaruby-activerecord0 (affected), 4.0.3-1.mga4 (unaffected), 0 (affected), 4.0.3-1.mga4 (unaffected)
Mageiaruby-activesupport4.0.3-1.mga4 (unaffected), 0 (affected), 4.0.3-1.mga4 (unaffected), 0 (affected)
Mageiakmod-virtualbox0 (affected), 4.3.18-2.mga3 (unaffected)

Browse GCVE Records

73,443 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›