Описание
Duplicate Advisory: Moderate severity vulnerability that affects activemodel
Duplicate advisory
This advisory has been withdrawn because it is a duplicate of GHSA-543v-gj2c-r3ch. This link is maintained to preserve external references.
Original Description
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.
Пакеты
Наименование
activemodel
rubygems
Затронутые версииВерсия исправления
>= 4.1.0, <= 4.1.14.0
4.1.14.1
Наименование
activemodel
rubygems
Затронутые версииВерсия исправления
>= 4.2, <= 4.2.5.0
4.2.5.1