GHSA-543v-gj2c-r3ch

Source

https://github.com/advisories/GHSA-543v-gj2c-r3ch

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-543v-gj2c-r3ch/GHSA-543v-gj2c-r3ch.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-543v-gj2c-r3ch

Aliases

CVE-2016-0753

Published

2017-10-24T18:33:35Z

Modified

2023-11-12T05:20:24.690044Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

activemodel contains Improper Input Validation

Details

Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.

Database specific

{
    "cwe_ids": [
        "CWE-20"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T20:59:56Z",
    "severity": "MODERATE",
    "nvd_published_at": "2016-02-16T02:59:07Z"
}

References

Affected packages

RubyGems / activemodel

Package

Name: activemodel
Purl: pkg:gem/activemodel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.1.0

Fixed

4.1.14.1

Affected versions

4.*

4.1.0

4.1.1

4.1.2.rc1

4.1.2.rc2

4.1.2.rc3

4.1.2

4.1.3

4.1.4

4.1.5

4.1.6.rc1

4.1.6.rc2

4.1.6

4.1.7

4.1.7.1

4.1.8

4.1.9.rc1

4.1.9

4.1.10.rc1

4.1.10.rc2

4.1.10.rc3

4.1.10.rc4

4.1.10

4.1.11

4.1.12.rc1

4.1.12

4.1.13.rc1

4.1.13

4.1.14.rc1

4.1.14.rc2

4.1.14

Database specific

last_known_affected_version_range

"<= 4.1.14.0"

RubyGems / activemodel

Package

Name: activemodel
Purl: pkg:gem/activemodel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.2.0

Fixed

4.2.5.1

Affected versions

4.*

4.2.0

4.2.1.rc1

4.2.1.rc2

4.2.1.rc3

4.2.1.rc4

4.2.1

4.2.2

4.2.3.rc1

4.2.3

4.2.4.rc1

4.2.4

4.2.5.rc1

4.2.5.rc2

4.2.5

Database specific

last_known_affected_version_range

"<= 4.2.5.0"