Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.
References
Link | Resource |
---|---|
http://secunia.com/advisories/41930 | Vendor Advisory |
http://securitytracker.com/id?1024624 | |
http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0 | Vendor Advisory |
http://www.vupen.com/english/advisories/2010/2719 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2010-10-28 00:00
Updated : 2024-02-28 11:41
NVD link : CVE-2010-3933
Mitre link : CVE-2010-3933
CVE.ORG link : CVE-2010-3933
JSON object : View
Products Affected
rubyonrails
- rails
CWE
CWE-20
Improper Input Validation