Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2016-0753

Published: 16/02/2016 Updated: 19/05/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Rubyonrails

Vulnerability Summary

Active Model in Ruby on Rails 4.1.x prior to 4.1.14.1, 4.2.x prior to 4.2.5.1, and 5.x prior to 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote malicious users to bypass intended validation steps via crafted parameters.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

rubyonrails rails 5.0.0

rubyonrails rails

debian debian linux 8.0

fedoraproject fedora 22

fedoraproject fedora 23

opensuse leap 42.1

Vendor Advisories

Debian CVElist Bug Report Logs: rails: CVE-2015-3226: XSS in ActiveSupport::JSON.encode
Debian Bug report logs - #790486 rails: CVE-2015-3226: XSS in ActiveSupport::JSONencode Package: src:rails; Maintainer for src:rails is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 29 Jun 2015 18:36:01 UTC Sever ...
Debian CVElist Bug Report Logs: rails: CVE-2015-3227: Possible Denial of Service attack in Active Support
Debian Bug report logs - #790487 rails: CVE-2015-3227: Possible Denial of Service attack in Active Support Package: src:rails; Maintainer for src:rails is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 29 Jun 2015 1 ...
Debian Security Advisories: DSA-3464-1 rails -- security update
Multiple security issues have been discovered in the Ruby on Rails web application development framework, which may result in denial of service, cross-site scripting, information disclosure or bypass of input validation For the stable distribution (jessie), these problems have been fixed in version 2:418-1+deb8u1 For the unstable distribution ( ...
Red Hat: CVE-2016-0753
A flaw was found in the way the Active Model based models processed attributes An attacker with the ability to pass arbitrary attributes to models could possibly use this flaw to bypass input validation ...

References

NVD-CWE-noinfohttps://groups.google.com/forum/message/raw?msg=ruby-security-ann/6jQVC1geukQ/3Iy0GU1ZEgAJhttp://www.openwall.com/lists/oss-security/2016/01/25/14http://www.securityfocus.com/bid/82247http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.htmlhttp://rhn.redhat.com/errata/RHSA-2016-0296.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2016-February/178066.htmlhttp://lists.opensuse.org/opensuse-updates/2016-02/msg00043.htmlhttp://www.debian.org/security/2016/dsa-3464http://www.securitytracker.com/id/1034816https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790486https://www.debian.org/security/./dsa-3464
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook