Description

activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls.

Remediation

References

CVE-2014-3514

Related Vulnerabilities

TYPO3 Cleartext Storage of Sensitive Information Vulnerability (CVE-2021-21339)

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3137)

WordPress Plugin WP-Recall-Registration, Profile, Commerce & More Security Bypass (16.26.6)

WordPress Plugin Social Sharing-Sassy Social Share PHP Object Injection (3.3.23)

MySQL CVE-2019-2535 Vulnerability (CVE-2019-2535)

Severity

High

Classification

CVE-2014-3514 CWE-264

Tags

Missing Update Known Vulnerabilities