Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote malicious users to modify arbitrary records by changing the names of parameters for form inputs.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
rubyonrails rails 2.3.9 |
||
rubyonrails rails 3.0.0 |