CVE-2010-3933
EPSS 0.71%Rails activerecord gem has Improper Input Validation vulnerability
Published: 10/24/2017Modified: 12/7/2024
Also known as:GHSA-gjxw-5w2q-7grf
Description
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.
Affected packages (1)
- RubyGems/activerecord>= 2.3.9, < 2.3.10
References (9)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2010-3933
- PATCHhttps://github.com/rails/rails
- WEBhttps://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae
- WEBhttps://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585
- WEBhttps://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml
- WEBhttps://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html
- WEBhttps://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930
- WEBhttps://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624
- WEBhttp://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0