Lucene search
Ubuntu.comUB:CVE-2013-0276HistoryFeb 13, 2013 - 12:00 a.m.
CVE-2013-0276
2013-02-1300:00:00
ubuntu.com
ubuntu.com
14
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.009 Low
EPSS
Percentile
82.8%
ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x
before 3.2.12 allows remote attackers to bypass the attr_protected
protection mechanism and modify protected model attributes via a crafted
request.
Notes
| Author | Note |
|---|---|
| mdeslaur | in Oneiric+, rails package is just for transition |
Related
openvas
openvas
Fedora Update for rubygem-activemodel FEDORA-2013-2398
2013-02-22 00:00:00
Fedora Update for rubygem-activemodel FEDORA-2013-2398
2013-02-22 00:00:00
Debian Security Advisory DSA 2620-1 (rails - several vulnerabilities)
2013-02-12 00:00:00
github
github
ActiveRecord vulnerable to modification of protected model attributes
2017-10-24 18:33:37
osv
osv
ActiveRecord vulnerable to modification of protected model attributes
2017-10-24 18:33:37
rails - several
2013-02-12 00:00:00
debiancve
debiancve
CVE-2013-0276
2013-02-13 01:55:00
nessus
nessus
Fedora 17 : rubygem-activemodel-3.0.11-3.fc17 (2013-2391)
2013-02-21 00:00:00
FreeBSD : Ruby Activemodel Gem -- Circumvention of attr_protected (beab40bf-c1ca-4d2b-ad46-2f14bac8a968)
2013-02-18 00:00:00
Fedora 18 : rubygem-activemodel-3.2.8-2.fc18 (2013-2398)
2013-02-21 00:00:00
gitlab
gitlab
Circumvention of attr_protected
2013-02-12 00:00:00
Circumvention of attr_protected
2013-02-12 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: rubygem-activemodel-3.2.8-2.fc18
2013-02-21 05:37:58
[SECURITY] Fedora 17 Update: rubygem-activemodel-3.0.11-3.fc17
2013-02-21 05:38:11
seebug
seebug
Ruby on Rails 远程安全绕过漏洞(CVE-2013-0276)
2013-03-07 00:00:00
prion
prion
Cross site request forgery (csrf)
2013-02-13 01:55:00
freebsd
freebsd
Ruby Activemodel Gem -- Circumvention of attr_protected
2013-02-11 00:00:00
cve
cve
CVE-2013-0276
2013-02-13 01:55:00
rubygems
rubygems
debian
debian
[SECURITY] [DSA 2620-1] rails security update
2013-02-12 21:09:50
securityvulns
securityvulns
[SECURITY] [DSA 2620-1] rails security update
2013-02-18 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2013-02-18 00:00:00
Apple Mac OS X multiple security vulnerabilities
2013-06-17 00:00:00
threatpost
threatpost
Ruby on Rails Patches DoS, Remote Execution Flaws
2013-02-13 17:51:57
suse
suse
Security update for Ruby on Rails (important)
2013-04-03 20:06:19
Security update for Ruby On Rails (important)
2013-03-19 18:04:46
veracode
veracode
Input Validation Bypass
2019-05-02 04:44:16
Arbitrary Code Execution
2019-05-02 04:44:25
redhat
redhat
(RHSA-2013:0686) Moderate: Subscription Asset Manager 1.2.1 update
2013-03-26 00:00:00
(RHSA-2013:0582) Moderate: Red Hat OpenShift Enterprise 1.1.1 update
2013-02-28 00:00:00
gentoo
gentoo
Ruby on Rails: Multiple vulnerabilities
2014-12-14 00:00:00
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.009 Low
EPSS
Percentile
82.8%
Related for UB:CVE-2013-0276