Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ruby on Rails Active Model Security Bypass Vulnerability
Vulnerability Description
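Ruby on Rails (Rails) is an open-source web application framework based on the Ruby language, developed and maintained by the Rails core team. It was extracted by David Heinemeier Hansson from Basecamp, the project management tool of the US company 37signals. Active Model is a library within Rails that contains various modules (modules for developing classes that need features present on Active Record). A security vulnerability exists in Active Model in Ruby on Rails, which stems from the program allowing instance-level writers to be used for class accessors. A remote attacker can use crafted parameters to exploit this vulnerability and bypass the intended validation steps. The following versions are affected: R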
CVSS Information
N/A
Vulnerability Type
N/A