---
identifier: "GMS-2023-59"
identifiers:
- "GHSA-579w-22j4-4749"
- "GMS-2023-59"
- "CVE-2022-44566"
package_slug: "gem/activerecord"
title: "Duplicate of ./gem/activerecord/CVE-2022-44566.yml"
description: "There is a potential denial of service vulnerability in ActiveRecord’s
  PostgreSQL adapter. In ActiveRecord <7.0.4.1 and <6.1.7.1, when a value outside
  the range of a 64-bit signed integer is provided to the PostgreSQL connection adapter,
  the adapter treats the target column type as numeric. Comparing integer values against
  numeric values can result in a slow sequential scan, leading to a potential denial
  of service."
date: "2023-01-18"
pubdate: "2023-01-18"
affected_range: "<0"
fixed_versions:
- "6.1.7.1"
- "7.0.4.1"
affected_versions: "All versions before 6.1.7.1, all versions starting from 7.0.0
  before 7.0.4.1"
not_impacted: "All versions starting from 6.1.7.1 before 7.0.0, all versions starting
  from 7.0.4.1"
solution: "Upgrade to versions 6.1.7.1, 7.0.4.1 or above."
urls:
- "https://github.com/rails/rails/releases/tag/v7.0.4.1"
- "https://github.com/advisories/GHSA-579w-22j4-4749"
uuid: "c16d086a-3f17-4d62-9499-6db6f8352bca"
cwe_ids:
- "CWE-1035"
- "CWE-937"