Описание
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| rails | fixed | 2:4.2.5.1-1 | package | |
| rails | not-affected | wheezy | package | |
| rails | end-of-life | squeeze | package | |
| ruby-activerecord-3.2 | removed | package | ||
| ruby-activerecord-2.3 | removed | package | ||
| ruby-activerecord-2.3 | end-of-life | wheezy | package | |
| ruby-activesupport-3.2 | removed | package | ||
| ruby-activesupport-2.3 | removed | package | ||
| ruby-activesupport-2.3 | end-of-life | wheezy | package | |
| ruby-activemodel-3.2 | removed | package |
EPSS
Связанные уязвимости
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.
Уязвимость программной платформы Ruby on Rails, позволяющая нарушителю обойти механизм проверки правильности данных
EPSS