CVE-2022-44566
Severity CVSS v4.0:
Pending analysis
Type:
CWE-400
Uncontrolled Resource Consumption ('Resource Exhaustion')
Publication date:
09/02/2023
Last modified:
25/03/2025
Description
A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:activerecord_project:activerecord:*:*:*:*:*:ruby:*:* | | 6.1.7.1 (excluding) |
| cpe:2.3:a:activerecord_project:activerecord:*:*:*:*:*:ruby:*:* | 7.0.0 (including) | 7.0.4.1 (excluding) |
References to Advisories, Solutions, and Tools
- https://code.jeremyevans.net/2022-11-01-forcing-sequential-scans-on-postgresql.html
- https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119



