VYPR
Get started
← All advisories
High severityNVD Advisory· Published Jul 7, 2014· Updated May 6, 2026

CVE-2014-3482

CVE-2014-3482

Description

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
activerecordRubyGems
>= 2.0.0, < 3.2.193.2.19

Affected products

125
  • Rubyonrails/Rails123 versions
    cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*+ 122 more
    • cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.3.13:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.3.14:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.3.15:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.3.16:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.3.18:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.17:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.18:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.19:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.20:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.12:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.13:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.13:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.15:rc3:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.16:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.17:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.18:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*
  • Rubyonrails/Ruby On Rails2 versions
    cpe:2.3:a:rubyonrails:ruby_on_rails:2.3.17:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:rubyonrails:ruby_on_rails:2.3.17:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*

Patches

1
1f2192e46d78
https://github.com/rails/railsvia ghsa
commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

12

News mentions

0

No linked articles in our index yet.