CVE-2014-3514
Published: 20 August 2014
activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls.
Notes
Author | Note |
---|---|
seth-arnold | in Oneiric-Saucy, rails package is just for transition |
jdstrand | per Debian, only affects 4.0.0 and all later versions |
Priority
Status
Package | Release | Status |
---|---|---|
rails | lucid | Ignored (end of life) |
rails | precise | Not vulnerable (contains no code) |
rails | trusty | Does not exist (trusty was not-affected [contains no code]) |
rails | upstream | Not vulnerable |
rails-3.2 | lucid | Does not exist |
rails-3.2 | precise | Does not exist |
rails-3.2 | trusty | Does not exist |
rails-3.2 | upstream | Not vulnerable |
rails-4.0 | lucid | Does not exist |
rails-4.0 | precise | Does not exist |
rails-4.0 | trusty | Does not exist (trusty was not-affected) |
rails-4.0 | upstream | Not vulnerable |
ruby-actionpack-2.3 | lucid | Does not exist |
ruby-actionpack-2.3 | precise | Not vulnerable |
ruby-actionpack-2.3 | trusty | Does not exist |
ruby-actionpack-2.3 | upstream | Ignored (end of life) |
ruby-actionpack-3.2 | lucid | Does not exist |
ruby-actionpack-3.2 | precise | Does not exist |
ruby-actionpack-3.2 | trusty | Does not exist (trusty was not-affected) |
ruby-actionpack-3.2 | upstream | Not vulnerable |
ruby-activerecord-2.3 | lucid | Does not exist |
ruby-activerecord-2.3 | precise | Not vulnerable |
ruby-activerecord-2.3 | trusty | Does not exist |
ruby-activerecord-2.3 | upstream | Ignored (end of life) |
ruby-activerecord-3.2 | lucid | Does not exist |
ruby-activerecord-3.2 | precise | Does not exist |
ruby-activerecord-3.2 | trusty | Does not exist (trusty was not-affected) |
ruby-activerecord-3.2 | upstream | Not vulnerable |
ruby-activesupport-2.3 | lucid | Does not exist |
ruby-activesupport-2.3 | precise | Not vulnerable |
ruby-activesupport-2.3 | trusty | Does not exist |
ruby-activesupport-2.3 | upstream | Ignored (end of life) |
ruby-activesupport-3.2 | lucid | Does not exist |
ruby-activesupport-3.2 | precise | Does not exist |
ruby-activesupport-3.2 | trusty | Does not exist (trusty was not-affected) |
ruby-activesupport-3.2 | upstream | Not vulnerable |
ruby-rails-2.3 | lucid | Does not exist |
ruby-rails-2.3 | precise | Not vulnerable |
ruby-rails-2.3 | trusty | Does not exist |
ruby-rails-2.3 | upstream | Ignored (end of life) |
ruby-rails-3.2 | lucid | Does not exist |
ruby-rails-3.2 | precise | Does not exist |
ruby-rails-3.2 | trusty | Does not exist (trusty was not-affected) |
ruby-rails-3.2 | upstream | Not vulnerable |