CVE-2014-3514
Description
activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls.
Risk Information
Base Score
9.1
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
0.331
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2014-3514 is fixed in Ruby-activerecord 4.0.9 | Windows |
| CVE-2014-3514 is fixed in Ruby-activerecord 4.1.5 | Windows |
| CVE-2014-3514 is fixed in Ruby-activerecord for Linux 4.0.9 | Linux |
| CVE-2014-3514 is fixed in Ruby-activerecord for Linux 4.1.5 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234