This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-201401-22
(Active Record: SQL injection)
An Active Record method parameter can mistakenly be used as a scope.
A remote attacker could use specially crafted input to execute arbitrary
The vulnerability may be mitigated by converting the input to an
expected value. This is accomplished by changing instances of
‘Post.find_by_id(params[:id])’ in code using Active Record to
See also :
All Active Record users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-ruby/activerecord-2.3.14-r1'
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true