Lucene search
HistoryAug 20, 2014 - 11:17 a.m.
CVE-2014-3514
cve-2014-3514
active record
ruby on rails
remote attackers
strong parameters
create_with calls
security vulnerability
nvd
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.5 Medium
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
80.9%
activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls.
Affected configurations
Node
rubyonrailsrailsMatch4.0.0-
ORrubyonrailsrailsMatch4.0.0beta
ORrubyonrailsrailsMatch4.0.0rc1
ORrubyonrailsrailsMatch4.0.0rc2
ORrubyonrailsrailsMatch4.0.1-
ORrubyonrailsrailsMatch4.0.1rc1
ORrubyonrailsrailsMatch4.0.1rc2
ORrubyonrailsrailsMatch4.0.1rc3
ORrubyonrailsrailsMatch4.0.1rc4
ORrubyonrailsrailsMatch4.0.2
ORrubyonrailsrailsMatch4.0.3
ORrubyonrailsrailsMatch4.0.4
ORrubyonrailsrailsMatch4.0.5
ORrubyonrailsrailsMatch4.0.6
ORrubyonrailsrailsMatch4.0.6rc1
ORrubyonrailsrailsMatch4.0.6rc2
ORrubyonrailsrailsMatch4.0.6rc3
ORrubyonrailsrailsMatch4.0.7
ORrubyonrailsrailsMatch4.0.8
ORrubyonrailsrailsMatch4.1.0-
ORrubyonrailsrailsMatch4.1.0beta1
ORrubyonrailsrailsMatch4.1.1
ORrubyonrailsrailsMatch4.1.2
ORrubyonrailsrailsMatch4.1.2rc1
ORrubyonrailsrailsMatch4.1.2rc2
ORrubyonrailsrailsMatch4.1.2rc3
ORrubyonrailsrailsMatch4.1.3
ORrubyonrailsrailsMatch4.1.4
Related
veracode
veracode
SQL Injection In Query_methods
2019-01-15 08:59:51
github
github
Active Record subject to strong parameters protection bypass
2017-10-24 18:33:36
debiancve
debiancve
CVE-2014-3514
2014-08-20 11:17:14
osv
osv
Active Record subject to strong parameters protection bypass
2017-10-24 18:33:36
redhat
redhat
(RHSA-2014:1102) Important: ror40-rubygem-activerecord security update
2014-08-27 00:00:00
nvd
nvd
CVE-2014-3514
2014-08-20 11:17:14
nessus
nessus
Fedora 20 : rubygem-activerecord-4.0.0-5.fc20 (2014-9706)
2014-09-29 00:00:00
prion
prion
Design/Logic Flaw
2014-08-20 11:17:00
gitlab
gitlab
Strong Parameter bypass with create_with
2014-08-20 00:00:00
cvelist
cvelist
CVE-2014-3514
2014-08-20 10:00:00
ubuntucve
ubuntucve
CVE-2014-3514
2014-08-20 00:00:00
openvas
openvas
Fedora Update for rubygem-activerecord FEDORA-2014-9706
2014-10-01 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: rubygem-activerecord-4.0.0-5.fc20
2014-09-26 09:01:18
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.5 Medium
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
80.9%
Related for CVE-2014-3514