Lucene search
RubySecRUBY:ACTIVERECORD-2013-0276-90072HistoryFeb 10, 2013 - 8:00 p.m.
CVE-2013-0276 rubygem-activerecord/rubygem-activemodel: circumvention of attr_protected
2013-02-1020:00:00
RubySec
nvd.nist.gov
22
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.009
Percentile
83.0%
ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and
3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection
mechanism and modify protected model attributes via a crafted request.
Affected configurations
Node
rubyactiverecordRange2.3.0–2.3.17
ORrubyactiverecordRange3.1.0–3.1.11
ORrubyactiverecordRange≤3.2.12
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ruby | activerecord | * | cpe:2.3:a:ruby:activerecord:*:*:*:*:*:*:*:* |
References
Related
debiancve
debiancve
CVE-2013-0276
2013-02-13 01:55:05
seebug
seebug
Ruby on Rails 远程安全绕过漏洞(CVE-2013-0276)
2013-03-07 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: rubygem-activemodel-3.2.8-2.fc18
2013-02-21 05:37:58
[SECURITY] Fedora 17 Update: rubygem-activemodel-3.0.11-3.fc17
2013-02-21 05:38:11
gitlab
gitlab
Circumvention of attr_protected
2013-02-12 00:00:00
Circumvention of attr_protected
2013-02-12 00:00:00
osv
osv
ActiveRecord vulnerable to modification of protected model attributes
2017-10-24 18:33:37
rails - several
2013-02-12 00:00:00
github
github
ActiveRecord vulnerable to modification of protected model attributes
2017-10-24 18:33:37
nvd
nvd
CVE-2013-0276
2013-02-13 01:55:05
openvas
openvas
Fedora Update for rubygem-activemodel FEDORA-2013-2398
2013-02-22 00:00:00
Fedora Update for rubygem-activemodel FEDORA-2013-2398
2013-02-22 00:00:00
Debian Security Advisory DSA 2620-1 (rails - several vulnerabilities)
2013-02-12 00:00:00
nessus
nessus
Fedora 17 : rubygem-activemodel-3.0.11-3.fc17 (2013-2391)
2013-02-21 00:00:00
FreeBSD : Ruby Activemodel Gem -- Circumvention of attr_protected (beab40bf-c1ca-4d2b-ad46-2f14bac8a968)
2013-02-18 00:00:00
Fedora 18 : rubygem-activemodel-3.2.8-2.fc18 (2013-2398)
2013-02-21 00:00:00
cvelist
cvelist
CVE-2013-0276
2013-02-13 01:00:00
freebsd
freebsd
Ruby Activemodel Gem -- Circumvention of attr_protected
2013-02-11 00:00:00
prion
prion
Cross site request forgery (csrf)
2013-02-13 01:55:00
ubuntucve
ubuntucve
CVE-2013-0276
2013-02-13 00:00:00
cve
cve
CVE-2013-0276
2013-02-13 01:55:05
debian
debian
[SECURITY] [DSA 2620-1] rails security update
2013-02-12 21:09:50
securityvulns
securityvulns
[SECURITY] [DSA 2620-1] rails security update
2013-02-18 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2013-02-18 00:00:00
Apple Mac OS X multiple security vulnerabilities
2013-06-17 00:00:00
threatpost
threatpost
Ruby on Rails Patches DoS, Remote Execution Flaws
2013-02-13 17:51:57
suse
suse
Security update for Ruby on Rails (important)
2013-04-03 20:06:19
Security update for Ruby On Rails (important)
2013-03-19 18:04:46
veracode
veracode
Input Validation Bypass
2019-05-02 04:44:16
Arbitrary Code Execution
2019-05-02 04:44:25
redhat
redhat
(RHSA-2013:0686) Moderate: Subscription Asset Manager 1.2.1 update
2013-03-26 00:00:00
(RHSA-2013:0582) Moderate: Red Hat OpenShift Enterprise 1.1.1 update
2013-02-28 00:00:00
gentoo
gentoo
Ruby on Rails: Multiple vulnerabilities
2014-12-14 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.009
Percentile
83.0%
Related for RUBY:ACTIVERECORD-2013-0276-90072