Sha256: 84e7fb028f235de38fc52d4563cd8a61728e03ecf5fa20afb1f46be9c1bbe7ee

Contents?: true

Size: 568 Bytes

Versions: 5

Compression:

Stored size: 568 Bytes

Contents

--- 
gem: activerecord
framework: rails
cve: 2013-0276
osvdb: 90072
url: http://osvdb.org/show/osvdb/90072
title: Ruby on Rails Active Record attr_protected Method Bypass
date: 2013-02-11

description: |
  Ruby on Rails contains a flaw in the attr_protected method of the
  Active Record. The issue is triggered during the handling of a specially
  crafted request, which may allow a remote attacker to bypass protection
  mechanisms and alter values that would otherwise be protected.

cvss_v2: 5.0

patched_versions: 
  - "~> 2.3.17"
  - "~> 3.1.11"
  - ">= 3.2.12"

Version data entries

5 entries across 5 versions & 2 rubygems

Version Path
bundler-budit-0.6.2 data/ruby-advisory-db/gems/activerecord/OSVDB-90072.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/activerecord/OSVDB-90072.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/activerecord/OSVDB-90072.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/activerecord/OSVDB-90072.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/activerecord/OSVDB-90072.yml