Description
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.
Remediation
References
Related Vulnerabilities
WordPress Plugin PHP Event Calendar for WordPress Arbitrary File Upload (1.6)
Drupal Core 5.x Session Fixation (5.0 - 5.8)
WordPress Plugin Arlo training and event management system Cross-Site Scripting (2.1.7.1)
WordPress Plugin Import Legacy Media Cross-Site Scripting (0.1)
PrestaShop Incorrect Authorization Vulnerability (CVE-2020-5287)