activemodel contains Improper Input Validation

RSS Feed MODERATE

GHSA-543v-gj2c-r3ch CVE-2016-0753

Description:

Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.

Affected Packages

Ecosystem	Package	Vulnerable Versions	Patched Version
rubygems	`activemodel`	`>= 4.2.0, <= 4.2.5.0` `>= 4.1.0, <= 4.1.14.0`	`4.2.5.1`

Related Dependabot Pull Requests

All Open Closed Merged

No Related Pull Requests

No Dependabot pull requests have been found that reference this security advisory.

Actions

View on GitHub All Advisories

Advisory Details

Published:	October 24, 2017 over 8 years ago
Updated:	June 15, 2026 about 8 hours ago
CVSS Score:	5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS:	2.33% 85th percentile
Source:	Github
Classification:	GENERAL
UUID:	`MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU0M3YtZ2oyYy1yM2No`

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Dependabot