Описание
ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat CloudForms Tools 1 | rubygem-activemodel | Will not fix | ||
| Red Hat Subscription Asset Manager 1.2 | candlepin | Fixed | RHSA-2013:0686 | 26.03.2013 |
| Red Hat Subscription Asset Manager 1.2 | katello | Fixed | RHSA-2013:0686 | 26.03.2013 |
| Red Hat Subscription Asset Manager 1.2 | katello-configure | Fixed | RHSA-2013:0686 | 26.03.2013 |
| Red Hat Subscription Asset Manager 1.2 | rubygem-actionpack | Fixed | RHSA-2013:0686 | 26.03.2013 |
| Red Hat Subscription Asset Manager 1.2 | rubygem-activemodel | Fixed | RHSA-2013:0686 | 26.03.2013 |
| Red Hat Subscription Asset Manager 1.2 | rubygem-delayed_job | Fixed | RHSA-2013:0686 | 26.03.2013 |
| Red Hat Subscription Asset Manager 1.2 | rubygem-json | Fixed | RHSA-2013:0686 | 26.03.2013 |
| Red Hat Subscription Asset Manager 1.2 | rubygem-nokogiri | Fixed | RHSA-2013:0686 | 26.03.2013 |
| Red Hat Subscription Asset Manager 1.2 | rubygem-rack | Fixed | RHSA-2013:0686 | 26.03.2013 |
Показывать по
Дополнительная информация
Статус:
EPSS
5 Medium
CVSS2
Связанные уязвимости
ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request.
ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request.
ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and ...
ActiveRecord vulnerable to modification of protected model attributes
EPSS
5 Medium
CVSS2