Lucene search
Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-7B94EA7F052DEFEE3E0ACBB3665B37B3HistoryFeb 12, 2013 - 12:00 a.m.
Circumvention of attr_protected
2013-02-1200:00:00
https://gitlab.com/gitlab-org/security-products/gemnasium-db
gitlab.com
22
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.009
Percentile
83.0%
The attr_protected method allows developers to exclude model attributes which users should not be allowed to assign to. By using a specially crafted request, attackers could circumvent this protection and alter values that were meant to be protected.
Affected configurations
Node
gemactivemodelRange3.0.0≥
ORgemactivemodelRange<3.1.11
ORgemactivemodelRange3.2.0≥
ORgemactivemodelRange<3.2.12
| Vendor | Product | Version | CPE |
|---|---|---|---|
| gem | activemodel | * | cpe:2.3:a:gem:activemodel:*:*:*:*:*:*:*:* |
Related
osv
osv
ActiveRecord vulnerable to modification of protected model attributes
2017-10-24 18:33:37
rails - several
2013-02-12 00:00:00
nvd
nvd
CVE-2013-0276
2013-02-13 01:55:05
github
github
ActiveRecord vulnerable to modification of protected model attributes
2017-10-24 18:33:37
openvas
openvas
Fedora Update for rubygem-activemodel FEDORA-2013-2398
2013-02-22 00:00:00
Fedora Update for rubygem-activemodel FEDORA-2013-2398
2013-02-22 00:00:00
Debian: Security Advisory (DSA-2620-1)
2013-02-11 00:00:00
nessus
nessus
Fedora 17 : rubygem-activemodel-3.0.11-3.fc17 (2013-2391)
2013-02-21 00:00:00
FreeBSD : Ruby Activemodel Gem -- Circumvention of attr_protected (beab40bf-c1ca-4d2b-ad46-2f14bac8a968)
2013-02-18 00:00:00
Fedora 18 : rubygem-activemodel-3.2.8-2.fc18 (2013-2398)
2013-02-21 00:00:00
gitlab
gitlab
Circumvention of attr_protected
2013-02-12 00:00:00
cvelist
cvelist
CVE-2013-0276
2013-02-13 01:00:00
debiancve
debiancve
CVE-2013-0276
2013-02-13 01:55:05
seebug
seebug
Ruby on Rails 远程安全绕过漏洞(CVE-2013-0276)
2013-03-07 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: rubygem-activemodel-3.2.8-2.fc18
2013-02-21 05:37:58
[SECURITY] Fedora 17 Update: rubygem-activemodel-3.0.11-3.fc17
2013-02-21 05:38:11
freebsd
freebsd
Ruby Activemodel Gem -- Circumvention of attr_protected
2013-02-11 00:00:00
prion
prion
Cross site request forgery (csrf)
2013-02-13 01:55:00
ubuntucve
ubuntucve
CVE-2013-0276
2013-02-13 00:00:00
rubygems
rubygems
cve
cve
CVE-2013-0276
2013-02-13 01:55:05
debian
debian
[SECURITY] [DSA 2620-1] rails security update
2013-02-12 21:09:50
securityvulns
securityvulns
[SECURITY] [DSA 2620-1] rails security update
2013-02-18 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2013-02-18 00:00:00
Apple Mac OS X multiple security vulnerabilities
2013-06-17 00:00:00
threatpost
threatpost
Ruby on Rails Patches DoS, Remote Execution Flaws
2013-02-13 17:51:57
suse
suse
Security update for Ruby On Rails (important)
2013-03-19 18:04:46
Security update for Ruby on Rails (important)
2013-04-03 20:06:19
veracode
veracode
Arbitrary Code Execution
2019-05-02 04:44:25
Input Validation Bypass
2019-05-02 04:44:16
redhat
redhat
(RHSA-2013:0686) Moderate: Subscription Asset Manager 1.2.1 update
2013-03-26 00:00:00
(RHSA-2013:0582) Moderate: Red Hat OpenShift Enterprise 1.1.1 update
2013-02-28 00:00:00
gentoo
gentoo
Ruby on Rails: Multiple vulnerabilities
2014-12-14 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.009
Percentile
83.0%
Related for GITLAB-7B94EA7F052DEFEE3E0ACBB3665B37B3