Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-er3j-4ygz-kqdx
Vulnerability ID VCID-er3j-4ygz-kqdx
Aliases CVE-2011-2930
GHSA-h6w6-xmqv-7q78
Summary activerecord vulnerable to SQL Injection Multiple SQL injection vulnerabilities in the `quote_table_name` method in the ActiveRecord adapters in `activerecord/lib/active_record/connection_adapters/` in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual HIGH http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain
generic_textual HIGH http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
epss 0.00955 https://api.first.org/data/v1/epss?cve=CVE-2011-2930
generic_textual HIGH https://bugzilla.redhat.com/show_bug.cgi?id=731438
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-h6w6-xmqv-7q78
generic_textual HIGH https://github.com/rails/rails
generic_textual HIGH https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85
generic_textual HIGH https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2011-2930
generic_textual HIGH http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
generic_textual HIGH http://www.debian.org/security/2011/dsa-2301
generic_textual HIGH http://www.openwall.com/lists/oss-security/2011/08/17/1
generic_textual HIGH http://www.openwall.com/lists/oss-security/2011/08/19/11
generic_textual HIGH http://www.openwall.com/lists/oss-security/2011/08/20/1
generic_textual HIGH http://www.openwall.com/lists/oss-security/2011/08/22/13
generic_textual HIGH http://www.openwall.com/lists/oss-security/2011/08/22/14
generic_textual HIGH http://www.openwall.com/lists/oss-security/2011/08/22/5
Reference id Reference type URL
http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
https://api.first.org/data/v1/epss?cve=CVE-2011-2930
https://bugzilla.redhat.com/show_bug.cgi?id=731438
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2930
https://github.com/rails/rails
https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2011-2930.yml
https://nvd.nist.gov/vuln/detail/CVE-2011-2930
http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
http://www.debian.org/security/2011/dsa-2301
http://www.openwall.com/lists/oss-security/2011/08/17/1
http://www.openwall.com/lists/oss-security/2011/08/19/11
http://www.openwall.com/lists/oss-security/2011/08/20/1
http://www.openwall.com/lists/oss-security/2011/08/22/13
http://www.openwall.com/lists/oss-security/2011/08/22/14
http://www.openwall.com/lists/oss-security/2011/08/22/5
GHSA-h6w6-xmqv-7q78 https://github.com/advisories/GHSA-h6w6-xmqv-7q78
GLSA-201412-28 https://security.gentoo.org/glsa/201412-28
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.76726
EPSS Score 0.00955
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T08:57:22.620277+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-h6w6-xmqv-7q78/GHSA-h6w6-xmqv-7q78.json 38.6.0