Lucene search
HistoryOct 28, 2010 - 12:00 a.m.
CVE-2010-3933
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
6.5 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
70.3%
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.
Affected configurations
Node
rubyonrailsrailsMatch2.3.9
ORrubyonrailsrailsMatch3.0.0
Related
github
github
Rails activerecord gem has Improper Input Validation vulnerability
2017-10-24 18:33:38
cve
cve
CVE-2010-3933
2022-10-03 16:20:54
prion
prion
Design/Logic Flaw
2010-10-28 00:00:00
ubuntucve
ubuntucve
CVE-2010-3933
2010-10-28 00:00:00
osv
osv
Rails activerecord gem has Improper Input Validation vulnerability
2017-10-24 18:33:38
openvas
openvas
Ruby on Rails Security Bypass Vulnerability
2010-12-09 00:00:00
Gentoo Security Advisory GLSA 201412-28
2015-09-29 00:00:00
cvelist
cvelist
CVE-2010-3933
2022-10-03 16:20:54
gitlab
gitlab
Improper Input Validation
2017-10-24 00:00:00
debiancve
debiancve
CVE-2010-3933
2022-10-03 16:20:54
nessus
nessus
openSUSE Security Update : rubygem-actionmailer (openSUSE-SU-2011:1305-1)
2014-06-13 00:00:00
openSUSE Security Update : rubygem-actionmailer (openSUSE-SU-2011:1305-1)
2014-06-13 00:00:00
GLSA-201412-28 : Ruby on Rails: Multiple vulnerabilities
2014-12-15 00:00:00
gentoo
gentoo
Ruby on Rails: Multiple vulnerabilities
2014-12-14 00:00:00
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
6.5 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
70.3%
Related for NVD:CVE-2010-3933