Description
activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote attackers to bypass intended change restrictions by leveraging use of the nested attributes feature.