Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:gem/activerecord@4.1

Type gem

Namespace

Name activerecord

Version 4.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 7.1.5.2

Latest_non_vulnerable_version 8.0.2.1

Affected_by_vulnerabilities

url VCID-2efj-tf8d-dfck

vulnerability_id VCID-2efj-tf8d-dfck

summary

Strong Parameter bypass with create_with
The `create_with` functionality in Active Record was implemented incorrectly and completely bypasses the strong parameter protection.

references

reference_url

http://openwall.com/lists/oss-security/2014/08/18/10

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2014/08/18/10

reference_url

http://rhn.redhat.com/errata/RHSA-2014-1102.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-1102.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3514.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3514.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3514

reference_id

reference_type

scores

value	0.00331
scoring_system	epss
scoring_elements	0.55996
published_at	2026-04-24T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56101
published_at	2026-04-11T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56078
published_at	2026-04-12T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56061
published_at	2026-04-13T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56096
published_at	2026-04-16T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56098
published_at	2026-04-18T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.5607
published_at	2026-04-21T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.55925
published_at	2026-04-01T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56036
published_at	2026-04-02T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56057
published_at	2026-04-04T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56035
published_at	2026-04-07T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56086
published_at	2026-04-08T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.5609
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3514

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3514
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3514

reference_url	http://secunia.com/advisories/60347
reference_id
reference_type
scores
url	http://secunia.com/advisories/60347

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3514.yml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3514.yml

reference_url

https://groups.google.com/forum/message/raw?msg=rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/message/raw?msg=rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ

reference_url

https://groups.google.com/forum/#!msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/#!msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ

reference_url	https://groups.google.com/forum/#!topic/ruby-security-ann/M4chq5Sb540
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/ruby-security-ann/M4chq5Sb540

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-3514

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3514

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1131240
reference_id	1131240
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1131240

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.4:::::::*

reference_url

https://github.com/advisories/GHSA-9rf5-jm6f-2fmm

reference_id

GHSA-9rf5-jm6f-2fmm

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9rf5-jm6f-2fmm

reference_url	https://access.redhat.com/errata/RHSA-2014:1102
reference_id	RHSA-2014:1102
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1102

fixed_packages

url pkg:gem/activerecord@4.1.5

purl pkg:gem/activerecord@4.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4cky-r218-dkbb

vulnerability	VCID-9t7a-muwx-zyee

vulnerability	VCID-bsxw-gh14-rbef

vulnerability	VCID-eb5z-q7rj-j7hh

vulnerability	VCID-f4h5-8f57-3uhr

vulnerability	VCID-j8zg-kq3z-jqcm

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-nzeb-cy9e-tkax

vulnerability	VCID-sygb-mygd-s3gb

vulnerability	VCID-thx6-usb2-kkgc

vulnerability	VCID-y54w-a8kr-suhy

vulnerability	VCID-zqzx-avvt-wkhm

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.5

aliases CVE-2014-3514, GHSA-9rf5-jm6f-2fmm

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2efj-tf8d-dfck

url VCID-3m2y-wy1w-n7h1

vulnerability_id VCID-3m2y-wy1w-n7h1

summary

SQL Injection Vulnerabilities Affecting PostgreSQL
SQLi vulnerability in activerecord.

references

reference_url

http://openwall.com/lists/oss-security/2014/07/02/5

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2014/07/02/5

reference_url

http://rhn.redhat.com/errata/RHSA-2014-0877.html

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-0877.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3483.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3483.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3483

reference_id

reference_type

scores

value	0.00924
scoring_system	epss
scoring_elements	0.76062
published_at	2026-04-24T12:55:00Z

value	0.0125
scoring_system	epss
scoring_elements	0.79354
published_at	2026-04-11T12:55:00Z

value	0.0125
scoring_system	epss
scoring_elements	0.79352
published_at	2026-04-21T12:55:00Z

value	0.0125
scoring_system	epss
scoring_elements	0.79351
published_at	2026-04-18T12:55:00Z

value	0.0125
scoring_system	epss
scoring_elements	0.79355
published_at	2026-04-16T12:55:00Z

value	0.0125
scoring_system	epss
scoring_elements	0.79339
published_at	2026-04-12T12:55:00Z

value	0.0125
scoring_system	epss
scoring_elements	0.79279
published_at	2026-04-01T12:55:00Z

value	0.0125
scoring_system	epss
scoring_elements	0.79328
published_at	2026-04-13T12:55:00Z

value	0.0125
scoring_system	epss
scoring_elements	0.79286
published_at	2026-04-02T12:55:00Z

value	0.0125
scoring_system	epss
scoring_elements	0.79309
published_at	2026-04-04T12:55:00Z

value	0.0125
scoring_system	epss
scoring_elements	0.79295
published_at	2026-04-07T12:55:00Z

value	0.0125
scoring_system	epss
scoring_elements	0.79321
published_at	2026-04-08T12:55:00Z

value	0.0125
scoring_system	epss
scoring_elements	0.7933
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3483

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3482

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3483

reference_url	http://secunia.com/advisories/59971
reference_id
reference_type
scores
url	http://secunia.com/advisories/59971

reference_url	http://secunia.com/advisories/60214
reference_id
reference_type
scores
url	http://secunia.com/advisories/60214

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3483.yml

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3483.yml

reference_url

https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/forum/message/raw?msg=rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J

reference_url	https://groups.google.com/forum/#!msg/rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!msg/rubyonrails-security/wDxePLJGZdI/WP7EasCJTA4J

reference_url	https://groups.google.com/forum/#!topic/rubyonrails-security/8GtfeYd6qI4
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/rubyonrails-security/8GtfeYd6qI4

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-3483

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3483

reference_url

https://web.archive.org/web/20200228150648/http://www.securityfocus.com/bid/68341

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228150648/http://www.securityfocus.com/bid/68341

reference_url

http://www.debian.org/security/2014/dsa-2982

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2014/dsa-2982

reference_url	http://www.securityfocus.com/bid/68341
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/68341

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1114427
reference_id	1114427
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1114427

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:beta::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.0:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.1:rc4::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.0.6:rc3::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:-::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.0:beta1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc1::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc2::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::
reference_id	cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:4.1.2:rc3::::::

reference_url

https://github.com/advisories/GHSA-r8fh-hq2p-7qhq

reference_id

GHSA-r8fh-hq2p-7qhq

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r8fh-hq2p-7qhq

reference_url	https://access.redhat.com/errata/RHSA-2014:0877
reference_id	RHSA-2014:0877
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0877

fixed_packages

url pkg:gem/activerecord@4.1.3

purl pkg:gem/activerecord@4.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2efj-tf8d-dfck

vulnerability	VCID-4cky-r218-dkbb

vulnerability	VCID-5mr1-tzkd-v3ae

vulnerability	VCID-9t7a-muwx-zyee

vulnerability	VCID-bsxw-gh14-rbef

vulnerability	VCID-eb5z-q7rj-j7hh

vulnerability	VCID-f4h5-8f57-3uhr

vulnerability	VCID-j8zg-kq3z-jqcm

vulnerability	VCID-n8r7-wthv-fqaj

vulnerability	VCID-nzeb-cy9e-tkax

vulnerability	VCID-sygb-mygd-s3gb

vulnerability	VCID-thx6-usb2-kkgc

vulnerability	VCID-y54w-a8kr-suhy

vulnerability	VCID-zqzx-avvt-wkhm

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1.3

aliases CVE-2014-3483, GHSA-r8fh-hq2p-7qhq, OSV-108665

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3m2y-wy1w-n7h1

url

VCID-n5fx-u6fs-vydu

vulnerability_id

VCID-n5fx-u6fs-vydu

summary

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns.

references

reference_url

http://openwall.com/lists/oss-security/2014/02/18/9

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2014/02/18/9

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0080.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0080.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-0080

reference_id

reference_type

scores

value	0.00248
scoring_system	epss
scoring_elements	0.48047
published_at	2026-04-24T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.4805
published_at	2026-04-12T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48074
published_at	2026-04-11T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48062
published_at	2026-04-13T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48114
published_at	2026-04-16T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.4811
published_at	2026-04-18T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48065
published_at	2026-04-21T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.47995
published_at	2026-04-01T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48033
published_at	2026-04-02T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48053
published_at	2026-04-04T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48003
published_at	2026-04-07T12:55:00Z

value	0.00248
scoring_system	epss
scoring_elements	0.48056
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-0080

reference_url

https://github.com/advisories/GHSA-hqf9-rc9j-5fmj

reference_id

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-hqf9-rc9j-5fmj

reference_url

https://github.com/rails/rails/tree/main/activerecord

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rails/rails/tree/main/activerecord

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-0080.yml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-0080.yml

reference_url	https://groups.google.com/forum/#!topic/rubyonrails-security/Wu96YkTUR6s
reference_id
reference_type
scores
url	https://groups.google.com/forum/#!topic/rubyonrails-security/Wu96YkTUR6s

reference_url

https://web.archive.org/web/20210301004521/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210301004521/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1065517
reference_id	1065517
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1065517

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-0080

reference_id

CVE-2014-0080

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-0080

fixed_packages

aliases

CVE-2014-0080, GHSA-hqf9-rc9j-5fmj, OSV-103438

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-n5fx-u6fs-vydu

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/activerecord@4.1

Package Instance