51 matches found
Improper Control of Dynamically-Managed Code Resources
Overview: graphiti is a package to easily build jsonapi.org-compatible APIs. Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via the Graphiti::Util::ValidationResponse#all_valid? method, which recursively calls model.send(name). An attacker can execute arbitrar...
CVE-2026-33286 Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names
Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interface. Versions prior to 1.10.2 have an arbitrary method execution vulnerability that affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary...
EUVD-2017-0209
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-8164
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A deserialization of untrusted data vulnerability exists in rails 5.2.4.3, rails 6.0.3.1 which can allow an attacker to supply information that can be inadvertently...
SUSE CVE-2014-3514
activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls...
SUSE CVE-2020-8164
A deserialization of untrusted data vulnerability exists in rails 5.2.4.3, rails 6.0.3.1 which can allow an attacker to supply information that can be inadvertently leaked from Strong Parameters...
rubygem-actionpack: possible strong parameters bypass
A flaw was found in rubygem-actionpack. Untrusted hashes of data are possible for values of each, each_value, and each_pair, which can lead to cases of user-supplied information being leaked from Strong Parameters. Applications that use these hashes may inadvertently use untrusted user input. The...
openSUSE Security Update : rubygem-actionpack-5_1 (openSUSE-2020-1533)
This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. (bsc#1172177) This update was imported from the SUSE:SLE-15:Update update project. (C) Tenable Network Security...
OPENSUSE-SU-2020:1575-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. (bsc#1172177) This update was imported from the SUSE:SLE-15:Update update project. This update was imported fr...
Security update for rubygem-actionpack-5_1 (important)
openSUSE Security Update: Security update for rubygem-actionpack-5_1 Announcement ID: openSUSE-SU-2020:1575-1 Rating: important References: 1172177 Cross-References: CVE-2020-8164 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes one vulnerability is now available. Description:...
OPENSUSE-SU-2020:1536-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. (bsc#1172177) This update was imported from the SUSE:SLE-15:Update update project...
Security update for rubygem-actionpack-5_1 (important)
openSUSE Security Update: Security update for rubygem-actionpack-5_1 Announcement ID: openSUSE-SU-2020:1536-1 Rating: important References: 1172177 Cross-References: CVE-2020-8164 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This updat...
openSUSE: Security Advisory for rubygem-actionpack-5_1 (openSUSE-SU-2020:1533-1)
The remote host is missing an update for the...
OPENSUSE-SU-2020:1533-1 Security update for rubygem-actionpack-5_1
This update for rubygem-actionpack-5_1 fixes the following issues: - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. (bsc#1172177) This update was imported from the SUSE:SLE-15:Update update project...
Security update for rubygem-actionpack-5_1 (important)
openSUSE Security Update: Security update for rubygem-actionpack-5_1 Announcement ID: openSUSE-SU-2020:1533-1 Rating: important References: 1172177 Cross-References: CVE-2020-8164 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This updat...
Debian DLA-2251-1 : rails security update
Two vulnerabilities were found in Ruby on Rails, an MVC Ruby-based framework geared for web application development, which could lead to remote code execution and untrusted user input usage, depending on the application. CVE-2020-8164 Strong parameters bypass vector in ActionPack. In some cases us...
CVE-2020-8164
A deserialization of untrusted data vulnerability exists in rails 5.2.4.3, rails 6.0.3.1 which can allow an attacker to supply information that can be inadvertently leaked from Strong Parameters...
DEBIAN-CVE-2020-8164
A deserialization of untrusted data vulnerability exists in rails 5.2.4.3, rails 6.0.3.1 which can allow an attacker to supply information that can be inadvertently leaked from Strong Parameters...
CVE-2020-8164
A deserialization of untrusted data vulnerability exists in rails 5.2.4.3, rails 6.0.3.1 which can allow an attacker to supply information that can be inadvertently leaked from Strong Parameters...
Deserialization of untrusted data
A deserialization of untrusted data vulnerability exists in rails 5.2.4.3, rails 6.0.3.1 which can allow an attacker to supply information that can be inadvertently leaked from Strong Parameters...