A denial of service vulnerability is present in ActiveRecord's PostgreSQL adapter in versions <7.0.4.1 and <6.1.7.1. When a value outside the range of a 64-bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan, resulting in a potential denial of service.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Activerecord | Activerecord_project | * | 6.1.7.1 (excluding) |
Activerecord | Activerecord_project | 7.0.0 (including) | 7.0.4.1 (excluding) |
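
A defensive check for the condition described above, as an added example that is not ActiveRecord's own code: it tests an installed version against the affected ranges in the table and rejects integer parameters outside the signed 64-bit range before they reach a query. The constant and method names are assumptions made for this example.

```ruby
require "rubygems" # Gem::Version, for correct multi-segment version comparison

# Bounds of a signed 64-bit integer (the range of a PostgreSQL bigint column).
INT64_MIN = -(2**63)
INT64_MAX = 2**63 - 1

# Affected ranges from the table above: [start (inclusive) or nil for "*", end (exclusive)].
AFFECTED_RANGES = [
  [nil, "6.1.7.1"],
  ["7.0.0", "7.0.4.1"],
].map { |lo, hi| [lo && Gem::Version.new(lo), Gem::Version.new(hi)] }

# True when the given activerecord version falls inside an affected range.
def affected_activerecord?(version)
  v = Gem::Version.new(version)
  AFFECTED_RANGES.any? { |lo, hi| (lo.nil? || v >= lo) && v < hi }
end

# Parse a user-supplied value destined for an integer column.
# Returns the Integer when it fits in a signed 64-bit value, otherwise nil,
# so the caller can reject the request instead of passing the value to a query.
def safe_bigint(param)
  s = param.to_s.strip
  # 20 characters is the longest valid form ("-9223372036854775808");
  # the length cap also avoids parsing arbitrarily long digit strings.
  return nil unless s.length <= 20 && s.match?(/\A[+-]?\d+\z/)
  n = s.to_i
  n.between?(INT64_MIN, INT64_MAX) ? n : nil
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  %w[6.1.7 6.1.7.1 7.0.4 7.0.4.1].each do |v|
    puts "activerecord #{v}: #{affected_activerecord?(v) ? 'affected' : 'not affected'}"
  end
  %w[42 9223372036854775807 9223372036854775808 12abc].each do |p|
    puts "param #{p.inspect}: #{safe_bigint(p).inspect}"
  end
end
```

In a controller, a `nil` result from `safe_bigint` would typically map to a 400 or 404 response rather than a database lookup.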