CVE-2014-0080: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

February 20, 2014 (updated August 8, 2019)

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails beta1, when PostgreSQL is used, allows remote attackers to execute “add data” SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns.

References

openwall.com/lists/oss-security/2014/02/18/9
nvd.nist.gov/vuln/detail/CVE-2014-0080

Code Behaviors & Features

Detect and mitigate CVE-2014-0080 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →