Metric | Value |
---|---|
CVSS2 | 7.5 High |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
EPSS | 0.007 Low |
EPSS Percentile | 80.9% |

activerecord/lib/active_record/relation/query_methods.rb in Active Record
in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote
attackers to bypass the strong parameters protection mechanism via crafted
input to an application that makes create_with calls.

Author | Note |
---|---|
seth-arnold | in Oneiric-Saucy, rails package is just for transition |
jdstrand | per Debian, only affects 4.0.0 and all later versions |