GHSA-9rf5-jm6f-2fmm
Suggest an improvement- Source
- https://github.com/advisories/GHSA-9rf5-jm6f-2fmm
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-9rf5-jm6f-2fmm/GHSA-9rf5-jm6f-2fmm.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-9rf5-jm6f-2fmm
- Aliases
- Published
- 2017-10-24T18:33:36Z
- Modified
- 2024-11-29T05:41:44.037978Z
- Summary
- Active Record subject to strong parameters protection bypass
- Details
-
activerecord/lib/active_record/relation/query_methods.rbin Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makescreate_withcalls. - Database specific
{ "nvd_published_at": "2014-08-20T11:17:14Z", "cwe_ids": [ "CWE-284" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:29:34Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2014-3514
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3514.yml
- https://groups.google.com/forum/#!msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ
- https://groups.google.com/forum/message/raw?msg=rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ
- http://openwall.com/lists/oss-security/2014/08/18/10
- http://rhn.redhat.com/errata/RHSA-2014-1102.html
Affected packages
RubyGems / activerecord
Package
- Name
- activerecord
- Purl
- pkg:gem/activerecord
RubyGems / activerecord
Package
- Name
- activerecord
- Purl
- pkg:gem/activerecord