Rubyonrails >> Rails >> 3.2.17 Security Vulnerabilities
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting.
CVSS Score: 7.5
EPSS Score: 0.014
Published: 2014-07-07

CVE-2014-0130
Known exploited
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.
CVSS Score: 7.5
EPSS Score: 0.437
Published: 2014-05-07

