Search for packages
| purl | pkg:gem/activerecord@7.0.3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-sygb-mygd-s3gb
Aliases: CVE-2022-44566 GHSA-579w-22j4-4749 GMS-2023-59 |
Duplicate This advisory duplicates another. |
Affected by 1 other vulnerability. |
|
VCID-t9yh-ss8z-e3cb
Aliases: CVE-2023-22794 GHSA-hq7p-j377-6v63 GMS-2023-60 |
Duplicate This advisory duplicates another. |
Affected by 1 other vulnerability. |
|
VCID-zqzx-avvt-wkhm
Aliases: CVE-2025-55193 GHSA-76r7-hhxj-r776 |
Active Record logging vulnerable to ANSI escape injection This vulnerability has been assigned the CVE identifier CVE-2025-55193 ### Impact The ID passed to `find` or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI sequences. ### Releases The fixed releases are available at the normal locations. ### Credits Thanks to [lio346](https://hackerone.com/lio346) from Unit 515 of OPSWAT for reporting this vulnerability |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-n8r7-wthv-fqaj | Active Record RCE bug with Serialized Columns When serialized columns that use YAML (the default) are deserialized, Rails uses YAML.unsafe_load to convert the YAML data in to Ruby objects. If an attacker can manipulate data in the database (via means like SQL injection), then it may be possible for the attacker to escalate to an RCE. There are no feasible workarounds for this issue, but other coders (such as JSON) are not impacted. |
CVE-2022-32224
GHSA-3hhc-qp5v-9p2j GMS-2022-3029 |