CVE-2016-0753: Possible Input Validation Circumvention

February 15, 2016 (updated August 8, 2019)

Code that uses Active Model based models (including Active Record models) and does not validate user input before passing it to the model can be subject to an attack where specially crafted input will cause the model to skip validations. Rails users using Strong Parameters are generally not impacted by this issue as they are encouraged to allow parameters and must specifically opt-out of input verification using the permit! method to allow mass assignment.

References

groups.google.com/forum/

Detect and mitigate CVE-2016-0753 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →