activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x prior to 3.2.22.1, 4.0.x and 4.1.x prior to 4.1.14.1, 4.2.x prior to 4.2.5.1, and 5.x prior to 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote malicious users to bypass intended change restrictions by leveraging use of the nested attributes feature.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
rubyonrails rails 4.2.4 |
||
rubyonrails rails 4.2.1 |
||
rubyonrails rails 4.2.0 |
||
rubyonrails rails 4.1.14 |
||
rubyonrails ruby on rails 4.1.11 |
||
rubyonrails rails 4.1.10 |
||
rubyonrails rails 4.1.8 |
||
rubyonrails rails 4.1.7.1 |
||
rubyonrails rails 4.1.7 |
||
rubyonrails rails 4.1.2 |
||
rubyonrails rails 4.1.0 |
||
rubyonrails rails 4.0.10 |
||
rubyonrails rails 4.0.9 |
||
rubyonrails rails 4.0.5 |
||
rubyonrails rails 4.0.4 |
||
rubyonrails rails 4.0.1 |
||
rubyonrails rails 5.0.0 |
||
rubyonrails rails 4.2.5 |
||
rubyonrails rails 4.2.2 |
||
rubyonrails rails 4.1.13 |
||
rubyonrails rails 4.1.6 |
||
rubyonrails rails 4.1.5 |
||
rubyonrails rails 4.1.1 |
||
rubyonrails ruby on rails 4.0.12 |
||
rubyonrails ruby on rails 4.0.11.1 |
||
rubyonrails rails 4.0.6 |
||
rubyonrails rails 4.0.2 |
||
rubyonrails rails 4.0.0 |
||
rubyonrails ruby on rails |
||
rubyonrails rails 4.1.12 |
||
rubyonrails rails 4.1.9 |
||
rubyonrails rails 4.1.4 |
||
rubyonrails rails 4.1.3 |
||
rubyonrails ruby on rails 4.0.11 |
||
rubyonrails ruby on rails 4.0.10 |
||
rubyonrails rails 4.2.3 |
||
rubyonrails ruby on rails 4.0.13 |
||
rubyonrails rails 4.0.8 |
||
rubyonrails rails 4.0.7 |
||
rubyonrails rails 4.0.3 |