VulnerableCode Vulnerability Details - VCID-qv5s-vase-2qas

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-qv5s-vase-2qas

Essentials
Severities (8)
References (10)
Severity details (7)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-qv5s-vase-2qas
Aliases	CVE-2014-0080 GHSA-hqf9-rc9j-5fmj OSV-103438
Summary	Array data injection vulnerability in activerecord SQL injection vulnerability in `activerecord/lib/active_record/connection_adapters/postgresql/cast.rb` in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving `\` (backslash) characters that are not properly handled in operations on array columns.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-89	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://openwall.com/lists/oss-security/2014/02/18/9
epss	0.00248	https://api.first.org/data/v1/epss?cve=CVE-2014-0080
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-hqf9-rc9j-5fmj
generic_textual	MODERATE	https://github.com/advisories/GHSA-hqf9-rc9j-5fmj
generic_textual	MODERATE	https://github.com/rails/rails/tree/main/activerecord
generic_textual	MODERATE	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-0080.yml
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2014-0080
generic_textual	MODERATE	https://web.archive.org/web/20210301004521/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ

Reference id	Reference type	URL
		http://openwall.com/lists/oss-security/2014/02/18/9
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0080.json
		https://api.first.org/data/v1/epss?cve=CVE-2014-0080
		https://github.com/advisories/GHSA-hqf9-rc9j-5fmj
		https://github.com/rails/rails/tree/main/activerecord
		https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-0080.yml
		https://groups.google.com/forum/#!topic/rubyonrails-security/Wu96YkTUR6s
		https://nvd.nist.gov/vuln/detail/CVE-2014-0080
		https://web.archive.org/web/20210301004521/https://groups.google.com/forum/message/raw?msg=rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ
1065517		https://bugzilla.redhat.com/show_bug.cgi?id=1065517

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.48216
EPSS Score	0.00248
Published At	May 29, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-29T08:57:20.633808+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-hqf9-rc9j-5fmj/GHSA-hqf9-rc9j-5fmj.json	38.6.0