DescriptionRuby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
SUSE Security Advisories:
- SUSE-SU-2012:0434-1, published Fri Mar 30 11:08:17 MDT 2012
- openSUSE-SU-2011:1305-1, published Wed, 7 Dec 2011 15:08:17 +0100 (CET)
List of released packages
|Product(s)||Fixed package version(s)||References|
|SUSE Studio Onsite Runner 1.2|| ||Patchnames: |
SUSE Timeline for this CVECVE page created: Tue Jul 9 17:51:27 2013
CVE page last modified: Tue Nov 29 12:01:14 2022