Description
ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request.
Remediation
References
Related Vulnerabilities
Joomla! Core 1.0.x Multiple Cross-Site Scripting Vulnerabilities (1.0.0 - 1.0.12)
Oracle Database Server CVE-2021-2173 Vulnerability (CVE-2021-2173)
WordPress Plugin Print Invoice & Delivery Notes for WooCommerce Cross-Site Request Forgery (4.7.2)
WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.20)
Oracle Database Server CVE-2023-22071 Vulnerability (CVE-2023-22071)