Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:60662
HistoryMar 07, 2013 - 12:00 a.m.

Ruby on Rails 远程安全绕过漏洞(CVE-2013-0276)

2013-03-0700:00:00
Root
www.seebug.org
25

0.009 Low

EPSS

Percentile

81.2%

JSON

BUGTRAQ ID: 57896
CVE(CAN) ID: CVE-2013-0276

Ruby on Rails简称RoR或Rails,是一个使用Ruby语言写的开源Web应用框架,它是严格按照MVC结构开发的。

Ruby on Rails 3.2.12, 3.1.11, 2.3.17之前版本在ActiveRecord的 "attr_protected" 方法中存在错误,没有正确限制访问模块属性的黑名单,通过特制的请求,可导致非法修改某些值。
0
Ruby on Rails 3.2.x
Ruby on Rails 3.1.x
Ruby on Rails 2.3.x
厂商补丁:

Ruby on Rails

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://www.rubyonrails.com/

Related

nessus 9
gitlab 2
openvas 8
osv 2
github 1
debiancve 1
fedora 2
prion 1
cve 1
freebsd 1
ubuntucve 1
rubygems 1
debian 1
securityvulns 4
threatpost 1
suse 2
redhat 2
veracode 2
gentoo 1
nessus
nessus
FreeBSD : Ruby Activemodel Gem -- Circumvention of attr_protected (beab40bf-c1ca-4d2b-ad46-2f14bac8a968)
2013-02-18 00:00:00
Fedora 17 : rubygem-activemodel-3.0.11-3.fc17 (2013-2391)
2013-02-21 00:00:00
Fedora 18 : rubygem-activemodel-3.2.8-2.fc18 (2013-2398)
2013-02-21 00:00:00
gitlab
gitlab
Circumvention of attr_protected
2013-02-12 00:00:00
Circumvention of attr_protected
2013-02-12 00:00:00
openvas
openvas
Fedora Update for rubygem-activemodel FEDORA-2013-2398
2013-02-22 00:00:00
Fedora Update for rubygem-activemodel FEDORA-2013-2398
2013-02-22 00:00:00
Debian Security Advisory DSA 2620-1 (rails - several vulnerabilities)
2013-02-12 00:00:00
osv
osv
ActiveRecord vulnerable to modification of protected model attributes
2017-10-24 18:33:37
rails - several
2013-02-12 00:00:00
github
github
ActiveRecord vulnerable to modification of protected model attributes
2017-10-24 18:33:37
debiancve
debiancve
CVE-2013-0276
2013-02-13 01:55:00
fedora
fedora
[SECURITY] Fedora 18 Update: rubygem-activemodel-3.2.8-2.fc18
2013-02-21 05:37:58
[SECURITY] Fedora 17 Update: rubygem-activemodel-3.0.11-3.fc17
2013-02-21 05:38:11
prion
prion
Cross site request forgery (csrf)
2013-02-13 01:55:00
cve
cve
CVE-2013-0276
2013-02-13 01:55:00
freebsd
freebsd
Ruby Activemodel Gem -- Circumvention of attr_protected
2013-02-11 00:00:00
ubuntucve
ubuntucve
CVE-2013-0276
2013-02-13 00:00:00
rubygems
rubygems
CVE-2013-0276 rubygem-activerecord/rubygem-activemodel: circumvention of attr_protected
2013-02-10 20:00:00
debian
debian
[SECURITY] [DSA 2620-1] rails security update
2013-02-12 21:09:50
securityvulns
securityvulns
[SECURITY] [DSA 2620-1] rails security update
2013-02-18 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2013-02-18 00:00:00
Apple Mac OS X multiple security vulnerabilities
2013-06-17 00:00:00
threatpost
threatpost
Ruby on Rails Patches DoS, Remote Execution Flaws
2013-02-13 17:51:57
suse
suse
Security update for Ruby On Rails (important)
2013-03-19 18:04:46
Security update for Ruby on Rails (important)
2013-04-03 20:06:19
redhat
redhat
(RHSA-2013:0686) Moderate: Subscription Asset Manager 1.2.1 update
2013-03-26 00:00:00
(RHSA-2013:0582) Moderate: Red Hat OpenShift Enterprise 1.1.1 update
2013-02-28 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-05-02 04:44:25
Input Validation Bypass
2019-05-02 04:44:16
gentoo
gentoo
Ruby on Rails: Multiple vulnerabilities
2014-12-14 00:00:00

0.009 Low

EPSS

Percentile

81.2%

JSON
Related for SSV:60662
nessus9gitlab2openvas8osv2github1debiancve1fedora2prion1cve1freebsd1ubuntucve1rubygems1debian1securityvulns4threatpost1suse2redhat2veracode2gentoo1