CVE-2014-0080

Publication date

2014-02-20 11:00:00

Family

redhat

State

PUBLISHED

Description

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving (backslash) characters that are not properly handled in operations on array columns.