Ruby on Rails Active Record attr_protected Method Bypass
Ruby on Rails contains a flaw in the attr_protected method of the
Active Record. The issue is triggered during the handling of a specially
crafted request, which may allow a remote attacker to bypass protection
mechanisms and alter values that would otherwise be protected.
Am I vulnerable?
The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.
Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.Sign up for monitoring
Affected package information
|Package||Patched in||Unaffected in|