Lucene search

RedhatCVE-2013-0276

HistoryFeb 13, 2013 - 1:55 a.m.

CVE-2013-0276

2013-02-1301:55:05

CWE-264

redhat

web.nvd.nist.gov

cve-2013-0276

ruby on rails

activerecord

security vulnerability

attr_protected

remote attack

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.2

Confidence

Low

EPSS

0.009

Percentile

83.0%

JSON

ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request.

Affected configurations

Nvd

Node

rubyonrailsrailsMatch3.2.0

rubyonrailsrailsMatch3.2.0rc1

rubyonrailsrailsMatch3.2.0rc2

rubyonrailsrailsMatch3.2.1

rubyonrailsrailsMatch3.2.2

rubyonrailsrailsMatch3.2.2rc1

rubyonrailsrailsMatch3.2.3

rubyonrailsrailsMatch3.2.3rc1

rubyonrailsrailsMatch3.2.3rc2

rubyonrailsrailsMatch3.2.4

rubyonrailsrailsMatch3.2.4rc1

rubyonrailsrailsMatch3.2.5

rubyonrailsrailsMatch3.2.6

rubyonrailsrailsMatch3.2.7

rubyonrailsrailsMatch3.2.8

rubyonrailsrailsMatch3.2.9

rubyonrailsrailsMatch3.2.10

rubyonrailsrailsMatch3.2.11

Node

rubyonrailsrailsMatch3.1.0

rubyonrailsrailsMatch3.1.0beta1

rubyonrailsrailsMatch3.1.0rc1

rubyonrailsrailsMatch3.1.0rc2

rubyonrailsrailsMatch3.1.0rc3

rubyonrailsrailsMatch3.1.0rc4

rubyonrailsrailsMatch3.1.0rc5

rubyonrailsrailsMatch3.1.0rc6

rubyonrailsrailsMatch3.1.0rc7

rubyonrailsrailsMatch3.1.0rc8

rubyonrailsrailsMatch3.1.1

rubyonrailsrailsMatch3.1.1rc1

rubyonrailsrailsMatch3.1.1rc2

rubyonrailsrailsMatch3.1.1rc3

rubyonrailsrailsMatch3.1.2

rubyonrailsrailsMatch3.1.2rc1

rubyonrailsrailsMatch3.1.2rc2

rubyonrailsrailsMatch3.1.3

rubyonrailsrailsMatch3.1.4

rubyonrailsrailsMatch3.1.4rc1

rubyonrailsrailsMatch3.1.5

rubyonrailsrailsMatch3.1.5rc1

rubyonrailsrailsMatch3.1.6

rubyonrailsrailsMatch3.1.7

rubyonrailsrailsMatch3.1.8

rubyonrailsrailsMatch3.1.9

rubyonrailsrailsMatch3.1.10

Node

rubyonrailsrailsMatch2.3.0

rubyonrailsrailsMatch2.3.1

rubyonrailsrailsMatch2.3.2

rubyonrailsrailsMatch2.3.3

rubyonrailsrailsMatch2.3.4

rubyonrailsrailsMatch2.3.9

rubyonrailsrailsMatch2.3.10

rubyonrailsrailsMatch2.3.11

rubyonrailsrailsMatch2.3.12

rubyonrailsrailsMatch2.3.13

rubyonrailsrailsMatch2.3.14

rubyonrailsrailsMatch2.3.15

rubyonrailsrailsMatch2.3.16

VendorProductVersionCPE
rubyonrailsrails3.2.0cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*
rubyonrailsrails3.2.0cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*
rubyonrailsrails3.2.0cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*
rubyonrailsrails3.2.1cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*
rubyonrailsrails3.2.2cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*
rubyonrailsrails3.2.2cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*
rubyonrailsrails3.2.3cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*
rubyonrailsrails3.2.3cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*
rubyonrailsrails3.2.3cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*
rubyonrailsrails3.2.4cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rubyonrails	rails	3.2.0	cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*
rubyonrails	rails	3.2.0	cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::
rubyonrails	rails	3.2.0	cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::
rubyonrails	rails	3.2.1	cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*
rubyonrails	rails	3.2.2	cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*
rubyonrails	rails	3.2.2	cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::
rubyonrails	rails	3.2.3	cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*
rubyonrails	rails	3.2.3	cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::
rubyonrails	rails	3.2.3	cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::
rubyonrails	rails	3.2.4	cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*