What is the severity of CVE-2014-3483?

CVE-2014-3483 has been classified as a high severity vulnerability due to its potential for allowing arbitrary SQL command execution.

How do I fix CVE-2014-3483?

To fix CVE-2014-3483, upgrade to Active Record version 4.1.3 or 4.0.7 or later.

What versions of Active Record are affected by CVE-2014-3483?

CVE-2014-3483 affects Active Record versions prior to 4.0.7 and 4.1.x prior to 4.1.3.

What kind of vulnerability is CVE-2014-3483?

CVE-2014-3483 is an SQL injection vulnerability that allows attackers to execute arbitrary SQL commands.

Who is impacted by CVE-2014-3483?

Any application using affected versions of Active Record with PostgreSQL as the database backend is vulnerable to CVE-2014-3483.

Vulnerability/
CVE-2014-3483

high

7.5

CWE

7/7/2014

24/10/2017

6/8/2024

CVE-2014-3483: SQL Injection

First published: Mon Jul 07 2014(Updated: )

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
rubygems/activerecord	>=4.1.0<4.1.3	4.1.3
rubygems/activerecord	>=4.0.0<4.0.7	4.0.7
Ruby on Rails	=4.0.0
Ruby on Rails	=4.0.0-beta
Ruby on Rails	=4.0.0-rc1
Ruby on Rails	=4.0.0-rc2
Ruby on Rails	=4.0.1
Ruby on Rails	=4.0.1-rc1
Ruby on Rails	=4.0.1-rc2
Ruby on Rails	=4.0.1-rc3
Ruby on Rails	=4.0.1-rc4
Ruby on Rails	=4.0.2
Ruby on Rails	=4.0.3
Ruby on Rails	=4.0.4
Ruby on Rails	=4.0.5
Ruby on Rails	=4.0.6
Ruby on Rails	=4.0.6-rc1
Ruby on Rails	=4.0.6-rc2
Ruby on Rails	=4.0.6-rc3
Ruby on Rails	=4.1.0
Ruby on Rails	=4.1.0-beta1
Ruby on Rails	=4.1.1
Ruby on Rails	=4.1.2
Ruby on Rails	=4.1.2-rc1
Ruby on Rails	=4.1.2-rc2
Ruby on Rails	=4.1.2-rc3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-3483?
CVE-2014-3483 has been classified as a high severity vulnerability due to its potential for allowing arbitrary SQL command execution.
How do I fix CVE-2014-3483?
To fix CVE-2014-3483, upgrade to Active Record version 4.1.3 or 4.0.7 or later.
What versions of Active Record are affected by CVE-2014-3483?
CVE-2014-3483 affects Active Record versions prior to 4.0.7 and 4.1.x prior to 4.1.3.
What kind of vulnerability is CVE-2014-3483?
CVE-2014-3483 is an SQL injection vulnerability that allows attackers to execute arbitrary SQL commands.
Who is impacted by CVE-2014-3483?
Any application using affected versions of Active Record with PostgreSQL as the database backend is vulnerable to CVE-2014-3483.

collector/github-advisory-latest
alias/GHSA-r8fh-hq2p-7qhq
alias/CVE-2014-3483
collector/github-advisory
agent/author
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/weakness
agent/severity
agent/last-modified-date
agent/first-publish-date
agent/event
agent/description
agent/trending
agent/source
agent/tags
collector/nvd-cve
agent/software-canonical-lookup-request
collector/nvd-index
package-manager/rubygems
vendor/rubyonrails
canonical/ruby on rails
version/ruby on rails/4.0.0
version/ruby on rails/4.0.0-beta
version/ruby on rails/4.0.0-rc1
version/ruby on rails/4.0.0-rc2
version/ruby on rails/4.0.1
version/ruby on rails/4.0.1-rc1
version/ruby on rails/4.0.1-rc2
version/ruby on rails/4.0.1-rc3
version/ruby on rails/4.0.1-rc4
version/ruby on rails/4.0.2
version/ruby on rails/4.0.3
version/ruby on rails/4.0.4
version/ruby on rails/4.0.5
version/ruby on rails/4.0.6
version/ruby on rails/4.0.6-rc1
version/ruby on rails/4.0.6-rc2
version/ruby on rails/4.0.6-rc3
version/ruby on rails/4.1.0
version/ruby on rails/4.1.0-beta1
version/ruby on rails/4.1.1
version/ruby on rails/4.1.2
version/ruby on rails/4.1.2-rc1
version/ruby on rails/4.1.2-rc2
version/ruby on rails/4.1.2-rc3