53 matches found
GHSA-V543-GQHH-6GWW Duplicate Advisory: Moderate severity vulnerability that affects activemodel
Duplicate advisory: This advisory has been withdrawn because it is a duplicate of GHSA-543v-gj2c-r3ch. This link is maintained to preserve external references. Original description: Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the...
GHSA-543V-GJ2C-R3CH activemodel contains Improper Input Validation
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters...
activemodel contains Improper Input Validation
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters...
A vulnerability in the Ruby on Rails software platform that allows attackers to bypass the data validation mechanism
The vulnerability in the Ruby on Rails software platform exists because the Active Model component supports the use of instance-level writers for class accessors. Exploiting this vulnerability allows a malicious actor to bypass the data validation mechanism by using a specially crafted...
rubygem-activerecord: possible input validation circumvention in Active Model
A flaw was found in the way the Active Model based models processed attributes. An attacker with the ability to pass arbitrary attributes to models could possibly use this flaw to bypass input validation...
Design/Logic Flaw
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters...
CVE-2016-0753
CVE-2016-0753 affects Active Model in Rails up to 5.x (4.1.x < 4.1.14.1, 4.2.x < 4.2.5.1, 5.x
CVE-2016-0753
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters...
Possible Input Validation Circumvention
Code that uses Active Model based models including Active Record models and does not validate user input before passing it to the model can be subject to an attack where specially crafted input will cause the model to skip validations. Rails users using Strong Parameters are generally not impacte...
Ruby on Rails Active Model Security Bypass Vulnerability
Ruby on Rails is an open source web application framework based on the Ruby language, developed and maintained by the Rails core team. Active Model is one of its libraries and contains various modules. A security vulnerability exists in Ruby on Rails Active Model that allows remote attackers to...
PT-2016-1365 · Ruby +1 · Ruby On Rails +1
Name of the Vulnerable Software and Affected Versions: Ruby on Rails versions 4.1.x through 4.1.14, Ruby on Rails versions 4.2.x through 4.2.5, Ruby on Rails versions 5.x through 5.0.0.beta1
Description: The issue is related to the Active Model component in Ruby on Rails, which supports the use o...
Possible Input Validation Circumvention in Active Model
There is a possible input validation circumvention vulnerability in Active Model. This vulnerability has been assigned the CVE identifier CVE-2016-0753.
Versions Affected: 4.1.0 and newer
Not affected: 4.0.13 and older
Fixed Versions: 5.0.0.beta1.1, 4.2.5.1, 4.1.14.1
Impact: Code that uses...
Ruby on Rails ActiveModel::Name Remote Denial of Service Vulnerability
Ruby on Rails is a web application framework built on top of the Ruby language. A security vulnerability in Rails ActiveModel::Name allows an attacker to send specially crafted data to an application, causing to_json to call ActiveModel::Name, which can cause the application to cause a dead loo...