CVE-2023-22794
HIGH8.8EPSS 5.8%SQL Injection Vulnerability via ActiveRecord comments
Published: 1/18/2023Modified: 4/28/2026
Description
A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database withinsufficient sanitization and be able to inject SQL outside of the comment.
Affected packages (2)
- Debian/railsfrom 0, < 2:6.0.3.7+dfsg-2+deb11u1
- RubyGems/activerecord>= 6.0.0, < 6.0.6.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
References (9)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-22794
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2023-22794
- PATCHhttps://github.com/rails/rails
- WEBhttps://discuss.rubyonrails.org/t/cve-2023-22794-sql-injection-vulnerability-via-activerecord-comments/82117
- WEBhttps://github.com/rails/rails/commit/d7aba06953f9fa789c411676b941d20df8ef73de
- WEBhttps://github.com/rails/rails/releases/tag/v7.0.4.1
- WEBhttps://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2023-22794.yml
- WEBhttps://security.netapp.com/advisory/ntap-20240202-0008
- WEBhttps://www.debian.org/security/2023/dsa-5372