Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2014-3514

Published: 20/08/2014 Updated: 08/08/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Rails

Vulnerability Summary

activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x prior to 4.0.9 and 4.1.x prior to 4.1.5 allows remote malicious users to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls.

Vulnerable Product Search on Vulmon Subscribe to Product

rubyonrails rails 4.0.0

rubyonrails rails 4.0.2

rubyonrails rails 4.0.3

rubyonrails rails 4.0.7

rubyonrails rails 4.1.0

rubyonrails rails 4.1.3

rubyonrails rails 4.1.4

rubyonrails rails 4.0.8

rubyonrails rails 4.0.1

rubyonrails rails 4.0.6

rubyonrails rails 4.1.2

rubyonrails rails 4.0.4

rubyonrails rails 4.0.5

rubyonrails rails 4.1.1

Vendor Advisories

Red Hat: CVE-2014-3514
It was discovered that Active Record's create_with method failed to properly check attributes passed to it A remote attacker could possibly use this flaw to bypass the strong parameter protection and modify arbitrary model attributes via mass assignment if an application using Active Record called create_with with untrusted values ...

Github Repositories

https://github.com/jgorset/can-i-hack-database

The database powering "can I hack".

Can I hack database The database powering "can I hack" Contribute Fork the repository Do your thing Send a pull request and bug me until I merge it! Format { "name": "Ruby on Rails", "versions": [ "420beta2", "420beta1", "416", "416rc2", "416rc1", "415&quo

References

CWE-264http://openwall.com/lists/oss-security/2014/08/18/10https://groups.google.com/forum/message/raw?msg=rubyonrails-security/M4chq5Sb540/CC1Fh0Y_NWwJhttp://rhn.redhat.com/errata/RHSA-2014-1102.htmlhttp://secunia.com/advisories/60347https://nvd.nist.govhttps://github.com/jgorset/can-i-hack-databasehttps://access.redhat.com/security/cve/cve-2014-3514
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400CVE-2023-7252CVE-2024-21111denial of serviceCVE-2024-29661CVE-2024-22856remote attackersencryptionCVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook