--- 
gem: activerecord
framework: rails
cve: 2013-0276
osvdb: 90072
url: http://osvdb.org/show/osvdb/90072
title: Ruby on Rails Active Record attr_protected Method Bypass
date: 2013-02-11

description: |
  Ruby on Rails contains a flaw in the attr_protected method of the
  Active Record. The issue is triggered during the handling of a specially
  crafted request, which may allow a remote attacker to bypass protection
  mechanisms and alter values that would otherwise be protected.

cvss_v2: 5.0

patched_versions: 
  - "~> 2.3.17"
  - "~> 3.1.11"
  - ">= 3.2.12"