# Reports CVE-2014-0080 (SQL injection with PostgreSQL) for apps on an
# affected Rails release that also depend on the pg gem.
#
# The decision uses only two facts: the Rails version lies in
# 4.0.0..4.0.2 and the pg gem is present. No application code is
# examined here, so a finding means "this dependency set is affected,
# upgrade to 4.0.3", not that a specific vulnerable call site was found.
#
# @return [nil, Object] nil when the app is not affected, otherwise
#   whatever `warn` returns
def check_cve_2014_0080
  # Version test first; `&&` short-circuits, so the gem lookup only
  # happens for releases inside the affected range.
  on_affected_rails = version_between?("4.0.0", "4.0.2")
  return unless on_affected_rails && @tracker.config.has_gem?(:pg)

  advisory = msg(
    msg_version(rails_version),
    " contains a SQL injection vulnerability ",
    msg_cve("CVE-2014-0080"),
    " with PostgreSQL. Upgrade to ",
    msg_version("4.0.3")
  )

  # :gem_info ties the warning to where the pg gem is declared
  # (Gemfile or environment) rather than to a line of app code.
  warn warning_type: 'SQL Injection',
       warning_code: :CVE_2014_0080,
       message: advisory,
       confidence: :high,
       gem_info: gemfile_or_environment(:pg),
       link_path: "https://groups.google.com/d/msg/rubyonrails-security/Wu96YkTUR6s/pPLBMZrlwvYJ"
end