High severity vulnerability that affects activerecord

GHSA-hm48-76wh-q86v

Published Aug 21, 2018 · Modified Dec 2, 2024

Description

Withdrawn, accidental duplicate publish.

activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2014-3514
ADVISORY https://github.com/advisories/GHSA-hm48-76wh-q86v

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes