Ruby on Rails Active Record attr_protected Method Bypass

Metadata

medium
4.3
activerecord
CVE-2013-0276
osvdb.org
2013-02-11
2017-06-16 19:02
CVE-2013-0276 rails
CVE-2013-0276 ruby-activemodel-3.2
CVE-2013-0276 ruby-activerecord-2.3
CVE-2013-0276
2017-04-01 19:10
2017-01-05 20:15

Description

Ruby on Rails contains a flaw in the attr_protected method of
Active Record. The issue is triggered during the handling of a specially
crafted request, which may allow a remote attacker to bypass protection
mechanisms and alter values that would otherwise be protected.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unreleased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continuously monitors your installed packages, and tells you if any of them are vulnerable.

Affected package information

Package       Patched in                        Unaffected in
activerecord  ~> 2.3.17, ~> 3.1.11, >= 3.2.12   None
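
One way to apply the "Patched in" constraints to an installed activerecord version, as an added example (not Appcanary's or the Rails project's code). The names patched? and audit_lockfile are hypothetical, and the Gemfile.lock text is constructed sample input.

```ruby
require "rubygems"

# "Patched in" constraints for activerecord, copied from the table above.
# They are alternatives, one per release line: a version is patched when it
# satisfies ANY of them. Passing all three to a single Gem::Requirement would
# AND them together, which no version can satisfy.
PATCHED_IN = ["~> 2.3.17", "~> 3.1.11", ">= 3.2.12"].freeze

# True when the given activerecord version satisfies one patched constraint.
def patched?(version, constraints = PATCHED_IN)
  v = Gem::Version.new(version)
  constraints.any? { |c| Gem::Requirement.new(c).satisfied_by?(v) }
end

# Finds the resolved activerecord version in Gemfile.lock text.
# Resolved specs are indented four spaces; their dependency lines use six,
# so anchoring on exactly four spaces skips "activerecord (= x.y.z)" entries.
# Returns [version, patched] or nil when activerecord is not locked.
def audit_lockfile(text)
  m = text.match(/^ {4}activerecord \(([^)]+)\)$/)
  return nil unless m
  [m[1], patched?(m[1])]
end

# Constructed sample lockfile (not taken from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      activemodel (3.2.11)
      activerecord (3.2.11)
        activemodel (= 3.2.11)
      railties (3.2.11)
        activerecord (= 3.2.11)
LOCK

if __FILE__ == $PROGRAM_NAME
  version, ok = audit_lockfile(SAMPLE_LOCK)
  puts "activerecord #{version}: #{ok ? 'patched' : 'VULNERABLE to CVE-2013-0276'}"
end
```

Release lines with no listed patch, such as 3.0.x, fail every constraint and are reported as vulnerable, as are prereleases of a patched version (for example 3.2.12.rc1).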