Remote Code Execution Vulnerability in Ruby on Rails Active Record
CVE-2014-3514

Currently unrated

Key Information:

CVE Published: 20 August 2014

What is CVE-2014-3514?

A flaw in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism. The bypass is triggered by crafted input to an application that uses create_with calls, which threatens application integrity and data security.
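
To check whether an application is exposed, the following added example (not code from this advisory or from the Rails project) compares the activerecord version resolved in a Gemfile.lock with the affected ranges stated above and lists create_with calls that receive request params without a .permit on the same line. The helper names, the single-line heuristic and the sample inputs are assumptions made for illustration.

```ruby
require "rubygems"

# Added example. Affected ranges are the ones stated on this page:
# 4.0.x before 4.0.9 and 4.1.x before 4.1.5.
FIXED_IN = {
  "4.0" => Gem::Version.new("4.0.9"),
  "4.1" => Gem::Version.new("4.1.5")
}.freeze

# Heuristic (assumption): request params handed to create_with on one line.
CREATE_WITH_PARAMS = /\bcreate_with\s*\(?\s*params\b/

# True when an activerecord version string falls inside an affected range.
def affected_version?(version_string)
  version = Gem::Version.new(version_string)
  fixed = FIXED_IN[version.segments.first(2).join(".")]
  !fixed.nil? && version < fixed
end

# Pulls the resolved activerecord version out of Gemfile.lock text, or nil.
def locked_activerecord_version(lockfile_text)
  lockfile_text[/^ {4}activerecord \(([^)\s]+)\)/, 1]
end

# Returns [line_number, code] pairs for create_with(params...) calls
# that do not go through .permit on the same line.
def risky_create_with_lines(source)
  hits = source.each_line.with_index(1).select do |line, _number|
    line.match?(CREATE_WITH_PARAMS) && !line.match?(/\.permit\b/)
  end
  hits.map { |line, number| [number, line.strip] }
end

# Constructed sample inputs (not taken from any real application).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      activerecord (4.1.4)
        activemodel (= 4.1.4)
LOCK

SAMPLE_CONTROLLER = <<~'RUBY'
  post = user.posts.create_with(params[:post]).first_or_create
  post = user.posts.create_with(params.require(:post).permit(:title)).first_or_create
RUBY

version = locked_activerecord_version(SAMPLE_LOCK)
puts "activerecord #{version}: affected=#{affected_version?(version)}"
risky_create_with_lines(SAMPLE_CONTROLLER).each { |n, code| puts "line #{n}: #{code}" }
```

The source scan only catches the direct form; a create_with argument built from params on an earlier line still needs manual review.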
