Active Model in Ruby on Rails 4.1.x prior to 4.1.14.1, 4.2.x prior to 4.2.5.1, and 5.x prior to 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote malicious users to bypass intended validation steps via crafted parameters.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
rubyonrails rails 5.0.0 |
||
rubyonrails rails |
||
debian debian linux 8.0 |
||
fedoraproject fedora 22 |
||
fedoraproject fedora 23 |
||
opensuse leap 42.1 |