Remote Code Execution Vulnerability in Ruby on Rails Active Record
CVE-2014-3514

Currently unrated

Key Information:

Vendor

Rubyonrails

Status
Rails
Vendor
CVE Published:
20 August 2014

What is CVE-2014-3514?

A flaw in Active Record within Ruby on Rails versions 4.0.x prior to 4.0.9 and 4.1.x prior to 4.1.5 allows remote attackers to exploit the application by bypassing the strong parameters protection mechanism. This vulnerability can be triggered through crafted input in applications utilizing create_with calls, posing a significant threat to application integrity and data security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://groups.google.com/forum/message/raw?msg=rubyonrai...
mailing-listx_refsource_MLIST
http://secunia.com/advisories/60347
third-party-advisoryx_refsource_SECUNIA
http://openwall.com/lists/oss-security/2014/08/18/10
mailing-listx_refsource_MLIST

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.