ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and
3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection
mechanism and modify protected model attributes via a crafted request.
CPE | Name | Operator | Version |
---|---|---|---|
activerecord | le | 2.3.16 | |
activerecord | ge | 2.4.0 | |
activerecord | le | 3.1.10 | |
activerecord | ge | 3.2.0 | |
activerecord | lt | 3.2.12 |