
cpe:2.3:a:rubyonrails:ruby_on_rails:2.3.17:*:*:*:*:*:*:*

part: a
version: 2.3.17
update: *

Vendor: Rubyonrails (a0962337-0e2d-518c-b84b-f2864721d062)
Product: Ruby On Rails (88797537-fac3-5a93-a663-7f94dd494eb7)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from purl2cpe mapping

PURL mappings

PURL | Source | Last updated
pkg:deb/debian/rails | purl2cpe | 2026-06-01 10:11:28.104324
pkg:deb/ubuntu/rails | purl2cpe | 2026-06-01 10:11:28.104326
pkg:gem/rails | purl2cpe | 2026-06-01 10:11:28.104328
pkg:github/rails/rails | purl2cpe | 2026-06-01 10:11:28.104330
pkg:rpm/opensuse/rubygem-rails-7.0 | purl2cpe | 2026-06-01 10:11:28.104331
pkg:sourceforge/ruby-on-rails.mirror | purl2cpe | 2026-06-01 10:11:28.104333

Vulnerability references

Identifier: CVE:CVE-2014-3482
cpeApplicability: vulnerable
Submitted: 2026-06-03 14:33:54.768748
db.gcve.eu details: Details available
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting.
Published: 2014-07-07T10:00:00.000Z
Updated: 2024-08-06T10:43:06.174Z
Reference links
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2013-1854
cpeApplicability: vulnerable
Submitted: 2026-06-03 14:32:52.210382
db.gcve.eu details: Details available
The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.
Published: 2013-03-19T22:00:00.000Z
Updated: 2024-08-06T15:20:36.703Z
Reference links
Rationale: Imported from gcve-enriched-dumps CVE data
