CVE-2016-0753

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2016-0753
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-0753.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-0753
Aliases
Downstream
Related
Published
2016-02-16T02:59:07.690Z
Modified
2025-11-14T04:29:54.775141Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.

References

Affected packages

Git / github.com/rails/rails

Affected ranges

Type
GIT
Repo
https://github.com/rails/rails
Events
Introduced
4e168015cef61207981d2427d4dbb6cf15f71182
Fixed
31ab3aa0e881acfd1475abae602455905a4cadf1

Affected versions

v4.*

v4.1.0
v4.1.1
v4.1.10
v4.1.10.rc1
v4.1.10.rc2
v4.1.10.rc3
v4.1.10.rc4
v4.1.11
v4.1.12
v4.1.12.rc1
v4.1.13
v4.1.13.rc1
v4.1.14
v4.1.14.rc1
v4.1.14.rc2
v4.1.2
v4.1.2.rc1
v4.1.2.rc2
v4.1.2.rc3
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.6.rc1
v4.1.6.rc2
v4.1.7
v4.1.7.1
v4.1.8
v4.1.9
v4.1.9.rc1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-0753.json"