Back to search
CVE-2016-0753
Published: Feb 16, 2016
Modified: Aug 5, 2024
PUBLISHED
Description
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20160125 [CVE-2016-0753] Possible Input Validation Circumvention in Active Model
mailing-list
x_refsource_MLIST
[ruby-security-ann] 20160125 [CVE-2016-0753] Possible Input Validation Circumvention in Active Model
mailing-list
x_refsource_MLIST
openSUSE-SU-2016:0372
vendor-advisory
x_refsource_SUSE
FEDORA-2016-94e71ee673
vendor-advisory
x_refsource_FEDORA
FEDORA-2016-73fe05d878
vendor-advisory
x_refsource_FEDORA
FEDORA-2016-cc465a34df
vendor-advisory
x_refsource_FEDORA
SUSE-SU-2016:1146
vendor-advisory
x_refsource_SUSE
1034816
vdb-entry
x_refsource_SECTRACK
DSA-3464
vendor-advisory
x_refsource_DEBIAN
RHSA-2016:0296
vendor-advisory
x_refsource_REDHAT
FEDORA-2016-eb4d6e8aab
vendor-advisory
x_refsource_FEDORA
FEDORA-2016-cb30088b06
vendor-advisory
x_refsource_FEDORA
82247
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now