4.3

CVE-2013-0276

ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RubyonrailsRails Version3.2.0
RubyonrailsRails Version3.2.0 Updaterc1
RubyonrailsRails Version3.2.0 Updaterc2
RubyonrailsRails Version3.2.1
RubyonrailsRails Version3.2.2
RubyonrailsRails Version3.2.2 Updaterc1
RubyonrailsRails Version3.2.3
RubyonrailsRails Version3.2.3 Updaterc1
RubyonrailsRails Version3.2.3 Updaterc2
RubyonrailsRails Version3.2.4
RubyonrailsRails Version3.2.4 Updaterc1
RubyonrailsRails Version3.2.5
RubyonrailsRails Version3.2.6
RubyonrailsRails Version3.2.7
RubyonrailsRails Version3.2.8
RubyonrailsRails Version3.2.9
RubyonrailsRails Version3.2.10
RubyonrailsRails Version3.2.11
RubyonrailsRails Version3.1.0
RubyonrailsRails Version3.1.0 Updatebeta1
RubyonrailsRails Version3.1.0 Updaterc1
RubyonrailsRails Version3.1.0 Updaterc2
RubyonrailsRails Version3.1.0 Updaterc3
RubyonrailsRails Version3.1.0 Updaterc4
RubyonrailsRails Version3.1.0 Updaterc5
RubyonrailsRails Version3.1.0 Updaterc6
RubyonrailsRails Version3.1.0 Updaterc7
RubyonrailsRails Version3.1.0 Updaterc8
RubyonrailsRails Version3.1.1
RubyonrailsRails Version3.1.1 Updaterc1
RubyonrailsRails Version3.1.1 Updaterc2
RubyonrailsRails Version3.1.1 Updaterc3
RubyonrailsRails Version3.1.2
RubyonrailsRails Version3.1.2 Updaterc1
RubyonrailsRails Version3.1.2 Updaterc2
RubyonrailsRails Version3.1.3
RubyonrailsRails Version3.1.4
RubyonrailsRails Version3.1.4 Updaterc1
RubyonrailsRails Version3.1.5
RubyonrailsRails Version3.1.5 Updaterc1
RubyonrailsRails Version3.1.6
RubyonrailsRails Version3.1.7
RubyonrailsRails Version3.1.8
RubyonrailsRails Version3.1.9
RubyonrailsRails Version3.1.10
RubyonrailsRails Version2.3.0
RubyonrailsRails Version2.3.1
RubyonrailsRails Version2.3.2
RubyonrailsRails Version2.3.3
RubyonrailsRails Version2.3.4
RubyonrailsRails Version2.3.9
RubyonrailsRails Version2.3.10
RubyonrailsRails Version2.3.11
RubyonrailsRails Version2.3.12
RubyonrailsRails Version2.3.13
RubyonrailsRails Version2.3.14
RubyonrailsRails Version2.3.15
RubyonrailsRails Version2.3.16
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.46% 0.823
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
http://support.apple.com/kb/HT5784
http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html
http://rhn.redhat.com/errata/RHSA-2013-0686.html
http://secunia.com/advisories/52774
http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/
Vendor Advisory
http://secunia.com/advisories/52112
http://www.debian.org/security/2013/dsa-2620
http://www.openwall.com/lists/oss-security/2013/02/11/5
Patch
http://www.osvdb.org/90072
http://www.securityfocus.com/bid/57896
https://groups.google.com/group/rubyonrails-security/msg/bb44b98a73ef1a06?dmode=source&output=gplain