CVE-2023-22794
CVE-2023-22794 is a high-severity vulnerability rated 8.8/10 on the CVSS scale: a SQL injection in ActiveRecord (the Ruby on Rails ORM) before 6.0.6.1, 6.1.7.1 and 7.0.4.1. User input placed into a SQL comment via the `annotate` query method, the `optimizer_hints` query method, or the QueryLogs interface (which adds annotations automatically) was sent to the database with insufficient sanitization, letting an attacker close the comment and inject SQL outside it. EPSS estimates a 2.15% chance of exploitation in the next 30 days.
Description
A vulnerability in ActiveRecord before 6.0.6.1, 6.1.7.1 and 7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or the QueryLogs interface, which automatically adds annotations, it may be sent to the database with insufficient sanitization and be able to inject SQL outside of the comment.
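The following is an added, stand-alone Ruby model of the issue described above; it is not ActiveRecord's own code and needs neither the gem nor a database. It wraps an annotation string in `/* */` the way a pre-fix `annotate` call does, shows a constructed payload closing the comment, and then applies a comment sanitizer modelled on the approach of the fixed releases (strip surrounding comment delimiters, then rewrite any remaining `*/` as `* /`). The query string, payload and all helper names are this example's own assumptions.

```ruby
# Added example, not ActiveRecord's own code: a stand-alone model of how user
# input inside an `annotate` comment could escape the comment (CVE-2023-22794)
# and of the kind of sanitization the fixed releases apply. The query string,
# payload and helper names below are constructed for this illustration.

BASE_QUERY = %(SELECT "users".* FROM "users" WHERE "users"."id" = 1)

# Pre-fix behaviour: the annotation text was wrapped in /* */ verbatim.
def annotate_unsafe(sql, note)
  "#{sql} /* #{note} */"
end

# Comment sanitizer modelled on the upstream fix (assumption: the patched
# releases strip a leading "/*" or "/*+" and a trailing "*/", then rewrite
# any remaining "*/" as "* /", so the comment can no longer be closed early).
def sanitize_as_sql_comment(value)
  comment = value.to_s.dup
  comment.gsub!(%r{\A\s*/\*\+?\s?|\s?\*/\s*\z}, "")
  comment.gsub!("*/", "* /")
  comment
end

# Post-fix behaviour: same wrapper, sanitized body.
def annotate_safe(sql, note)
  "#{sql} /* #{sanitize_as_sql_comment(note)} */"
end

# Breakout check: after the first "/*", anything that follows the first "*/"
# other than whitespace is SQL that escaped the comment.
def comment_breakout?(sql)
  _, body = sql.split("/*", 2)
  return false if body.nil?
  _, trailing = body.split("*/", 2)
  !(trailing.nil? || trailing.strip.empty?)
end

# Constructed payload: closes the comment, widens the WHERE clause, and
# uses "--" to comment out the wrapper's own closing "*/".
PAYLOAD = "*/ OR 1=1 --"

if $PROGRAM_NAME == __FILE__
  puts annotate_unsafe(BASE_QUERY, PAYLOAD)  # comment closed early; OR 1=1 is live SQL
  puts annotate_safe(BASE_QUERY, PAYLOAD)    # "* /" keeps the payload inside the comment
  puts comment_breakout?(annotate_unsafe(BASE_QUERY, PAYLOAD)) # true
  puts comment_breakout?(annotate_safe(BASE_QUERY, PAYLOAD))   # false
end
```

The sanitizer here is an illustration of the technique, not a substitute for the fix: the remediation is upgrading to a patched ActiveRecord release, and application code should still avoid handing request-derived strings to `annotate` or `optimizer_hints` at all.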
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Activerecord Project | Activerecord | >= 6.0.0, < 6.0.6.1 |
| Activerecord Project | Activerecord | >= 6.1.0, < 6.1.7.1 |
| Activerecord Project | Activerecord | >= 7.0.0, < 7.0.4.1 |
References
- https://discuss.rubyonrails.org/t/cve-2023-22794-sql-injection-vulnerability-via-activerecord-comments/82117 (Exploit, Patch, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-22794?
A SQL injection vulnerability in ActiveRecord, the ORM of Ruby on Rails. User input placed into a SQL comment by `annotate`, `optimizer_hints` or the QueryLogs interface was not sanitized well enough to stop it from closing the comment and injecting SQL outside it.
How severe is CVE-2023-22794?
High: CVSS 3.1 base score 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). EPSS estimates a 2.15% chance of exploitation in the next 30 days.
How do I fix CVE-2023-22794?
Upgrade ActiveRecord to 6.0.6.1, 6.1.7.1 or 7.0.4.1 (or later) on the affected 6.0, 6.1 and 7.0 lines. Until then, do not pass user-controlled strings to `annotate` or `optimizer_hints`, and check that QueryLogs tags are not derived from request data.
Source: NVD / NIST
