CVE-2010-3933

Improper Input Validation in gem/activerecord

Identifiers

GHSA-gjxw-5w2q-7grf, CVE-2010-3933

Package Slug

gem/activerecord

Vulnerability

Improper Input Validation

Description

Ruby on Rails 2.3.9 and 3.0.0 do not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.

Affected Versions

All versions starting from 2.3.9 before 2.3.10, all versions starting from 3.0.0 before 3.0.1

Solution

Upgrade to versions 2.3.10, 3.0.1 or above.

Last Modified

2023-05-29
