16 matches found
EUVD-2017-0243
Malware in sbrugna...
GHSA-GR44-7GRC-37VQ ActiveRecord vulnerable to modification of protected model attributes
ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request...
ActiveRecord vulnerable to modification of protected model attributes
ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request...
FreeBSD : Ruby Activemodel Gem -- Circumvention of attr_protected (beab40bf-c1ca-4d2b-ad46-2f14bac8a968)
Aaron Patterson reports: The attr_protected method allows developers to specify a blacklist of model attributes which users should not be allowed to assign to. By using a specially crafted request, attackers could circumvent this protection and alter values that were meant to be protected. All...
Ruby on Rails Patches DoS, Remote Execution Flaws
Web app framework Ruby on Rails patched two security flaws this week in the open source framework that could have led to denial of service attacks and remote execution vulnerabilities. With builds 3.2.12, 3.1.11 and 2.3.17, the framework fixed a serialized attributes YAML vulnerability...
CVE-2013-0276
ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request...
CVE-2013-0276
ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request...
UBUNTU-CVE-2013-0276
ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request...
CVE-2013-0276
ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request...
CVE-2013-0276
ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request...
CVE-2013-0276
CVE-2013-0276 affects Ruby on Rails ActiveRecord: Rails versions 2.3.17 and earlier, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allow remote attackers to bypass the attr_protected protection and modify protected model attributes via a crafted request. The issue is caused by bypassable handling ...
CVE-2013-0276
ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request...
Circumvention of attr_protected
The attr_protected method allows developers to specify a denylist of model attributes which users should not be allowed to assign to. By using a specially crafted request, attackers could circumvent this protection and alter values that were meant to be protected...
Circumvention of attr_protected
The attr_protected method allows developers to exclude model attributes which users should not be allowed to assign to. By using a specially crafted request, attackers could circumvent this protection and alter values that were meant to be protected...
Ruby Activemodel Gem -- Circumvention of attr_protected
Aaron Patterson reports: The attr_protected method allows developers to specify a blacklist of model attributes which users should not be allowed to assign to. By using a specially crafted request, attackers could circumvent this protection and alter values that were meant to be protected. All use...
CVE-2013-0276 rubygem-activerecord/rubygem-activemodel: circumvention of attr_protected
ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request...