CVE-2011-2930

Multiple SQL injection vulnerabilities in the quote_table_name method in the ActiveRecord adapters in activerecord/lib/active_record/connection_adapters/ in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name.
References
Link Resource
http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6 Patch
http://www.debian.org/security/2011/dsa-2301
http://www.openwall.com/lists/oss-security/2011/08/17/1 Patch
http://www.openwall.com/lists/oss-security/2011/08/19/11 Patch
http://www.openwall.com/lists/oss-security/2011/08/20/1 Patch
http://www.openwall.com/lists/oss-security/2011/08/22/13 Patch
http://www.openwall.com/lists/oss-security/2011/08/22/14
http://www.openwall.com/lists/oss-security/2011/08/22/5 Patch
https://bugzilla.redhat.com/show_bug.cgi?id=731438 Patch
https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85 Patch
http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6 Patch
http://www.debian.org/security/2011/dsa-2301
http://www.openwall.com/lists/oss-security/2011/08/17/1 Patch
http://www.openwall.com/lists/oss-security/2011/08/19/11 Patch
http://www.openwall.com/lists/oss-security/2011/08/20/1 Patch
http://www.openwall.com/lists/oss-security/2011/08/22/13 Patch
http://www.openwall.com/lists/oss-security/2011/08/22/14
http://www.openwall.com/lists/oss-security/2011/08/22/5 Patch
https://bugzilla.redhat.com/show_bug.cgi?id=731438 Patch
https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85 Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*

History

21 Nov 2024, 01:29

Type Values Removed Values Added
References () http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain - Patch () http://groups.google.com/group/rubyonrails-security/msg/b1a85d36b0f9dd30?dmode=source&output=gplain - Patch
References () http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html - () http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html -
References () http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6 - Patch () http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6 - Patch
References () http://www.debian.org/security/2011/dsa-2301 - () http://www.debian.org/security/2011/dsa-2301 -
References () http://www.openwall.com/lists/oss-security/2011/08/17/1 - Patch () http://www.openwall.com/lists/oss-security/2011/08/17/1 - Patch
References () http://www.openwall.com/lists/oss-security/2011/08/19/11 - Patch () http://www.openwall.com/lists/oss-security/2011/08/19/11 - Patch
References () http://www.openwall.com/lists/oss-security/2011/08/20/1 - Patch () http://www.openwall.com/lists/oss-security/2011/08/20/1 - Patch
References () http://www.openwall.com/lists/oss-security/2011/08/22/13 - Patch () http://www.openwall.com/lists/oss-security/2011/08/22/13 - Patch
References () http://www.openwall.com/lists/oss-security/2011/08/22/14 - () http://www.openwall.com/lists/oss-security/2011/08/22/14 -
References () http://www.openwall.com/lists/oss-security/2011/08/22/5 - Patch () http://www.openwall.com/lists/oss-security/2011/08/22/5 - Patch
References () https://bugzilla.redhat.com/show_bug.cgi?id=731438 - Patch () https://bugzilla.redhat.com/show_bug.cgi?id=731438 - Patch
References () https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85 - Patch () https://github.com/rails/rails/commit/8a39f411dc3c806422785b1f4d5c7c9d58e4bf85 - Patch

Information

Published : 2011-08-29 18:55

Updated : 2024-11-21 01:29


NVD link : CVE-2011-2930

Mitre link : CVE-2011-2930

CVE.ORG link : CVE-2011-2930


JSON object : View

Products Affected

rubyonrails

  • rails
  • ruby_on_rails
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')