puzzle_blog

Chef & Rails CVE-2014-3482

Avatar

By

At 17:11 UTC, the Rails security team publicized CVE-2014-3482 and CVE-2014-3483. In short, this vulnerability is related to the PostgreSQL adapater in ActiveRecord. A bug in the SQL quoting code could allow an attacker to carefully craft a request and execute a SQL injection. Only applications which query against bitstring or range type columns were vulnerable.

After a careful investigation of our various services, both internal and external, we concluded that no Chef Software products are vulnerable to CVE-2014-3482/3.

We take security very seriously at Chef Software. In accordance with our responsible disclosure policy, please email security (at) getchef.com to bring vulnerabilities to our attention.

Posted in:

Seth Vargo

Seth Vargo is a Release Engineer and Awesome Community Chef at CHEF. When he is not forcing Jenkins to bend to his will, Seth is contributing to Chef core, writing cookbooks, or working on new open source tooling. Seth is the author or core team member for Berkshelf, Fauxhai, ChefSpec, Strainer and more. Seth was the original author of #learnchef and drinks a lot of Diet Coke. Seth regularly hangs out on IRC, Twitter, and GitHub. You can find him under the single moniker "@sethvargo" almost everywhere on the Internet.

Categories

INTERNET US

Company
Using Chef
Legal
Connect with us
Contact Us

Chef is part of the Progress product portfolio. Progress is the leading provider of application development and digital experience technologies.

Copyright © 2024 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.

Progress, Telerik, Ipswitch, Chef, Kemp, Flowmon, MarkLogic, Semaphore and certain product names used herein are trademarks or registered trademarks of Progress Software Corporation and/or one of its subsidiaries or affiliates in the U.S. and/or other countries. See Trademarks for appropriate markings.

Do Not Sell or Share My Personal Information

Powered by Progress Sitefinity