7.5
CVE-2014-3514
- EPSS 0.33%
- Published 20.08.2014 11:17:14
- Last modified 12.04.2025 10:46:40
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls.
Data is provided by the National Vulnerability Database (NVD)
Rubyonrails ≫ Rails Version4.0.0 Update-
Rubyonrails ≫ Rails Version4.0.0 Updatebeta
Rubyonrails ≫ Rails Version4.0.0 Updaterc1
Rubyonrails ≫ Rails Version4.0.0 Updaterc2
Rubyonrails ≫ Rails Version4.0.1 Update-
Rubyonrails ≫ Rails Version4.0.1 Updaterc1
Rubyonrails ≫ Rails Version4.0.1 Updaterc2
Rubyonrails ≫ Rails Version4.0.1 Updaterc3
Rubyonrails ≫ Rails Version4.0.1 Updaterc4
Rubyonrails ≫ Rails Version4.0.2
Rubyonrails ≫ Rails Version4.0.3
Rubyonrails ≫ Rails Version4.0.4
Rubyonrails ≫ Rails Version4.0.5
Rubyonrails ≫ Rails Version4.0.6
Rubyonrails ≫ Rails Version4.0.6 Updaterc1
Rubyonrails ≫ Rails Version4.0.6 Updaterc2
Rubyonrails ≫ Rails Version4.0.6 Updaterc3
Rubyonrails ≫ Rails Version4.0.7
Rubyonrails ≫ Rails Version4.0.8
Rubyonrails ≫ Rails Version4.1.0 Update-
Rubyonrails ≫ Rails Version4.1.0 Updatebeta1
Rubyonrails ≫ Rails Version4.1.1
Rubyonrails ≫ Rails Version4.1.2
Rubyonrails ≫ Rails Version4.1.2 Updaterc1
Rubyonrails ≫ Rails Version4.1.2 Updaterc2
Rubyonrails ≫ Rails Version4.1.2 Updaterc3
Rubyonrails ≫ Rails Version4.1.3
Rubyonrails ≫ Rails Version4.1.4
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.33% | 0.53 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|