Lucene search
GoogleOSV:GHSA-9RF5-JM6F-2FMMHistoryOct 24, 2017 - 6:33 p.m.
Active Record subject to strong parameters protection bypass
2017-10-2418:33:36
Google
osv.dev
12
0.007 Low
EPSS
Percentile
80.9%
activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls.
References
openwall.com/lists/oss-security/2014/08/18/10
rhn.redhat.com/errata/RHSA-2014-1102.html
github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3514.yml
groups.google.com/forum/#!msg/rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ
groups.google.com/forum/message/raw?msg=rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJ
nvd.nist.gov/vuln/detail/CVE-2014-3514
Related
ubuntucve
ubuntucve
CVE-2014-3514
2014-08-20 00:00:00
redhat
redhat
(RHSA-2014:1102) Important: ror40-rubygem-activerecord security update
2014-08-27 00:00:00
nvd
nvd
CVE-2014-3514
2014-08-20 11:17:14
nessus
nessus
Fedora 20 : rubygem-activerecord-4.0.0-5.fc20 (2014-9706)
2014-09-29 00:00:00
cve
cve
CVE-2014-3514
2014-08-20 11:17:14
veracode
veracode
SQL Injection In Query_methods
2019-01-15 08:59:51
github
github
Active Record subject to strong parameters protection bypass
2017-10-24 18:33:36
debiancve
debiancve
CVE-2014-3514
2014-08-20 11:17:14
prion
prion
Design/Logic Flaw
2014-08-20 11:17:00
gitlab
gitlab
Strong Parameter bypass with create_with
2014-08-20 00:00:00
cvelist
cvelist
CVE-2014-3514
2014-08-20 10:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: rubygem-activerecord-4.0.0-5.fc20
2014-09-26 09:01:18
openvas
openvas
Fedora Update for rubygem-activerecord FEDORA-2014-9706
2014-10-01 00:00:00