Description

activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls.

Remediation

References

CVE-2014-3514

Related Vulnerabilities

WebLogic CVE-2020-14652 Vulnerability (CVE-2020-14652)

WordPress Plugin N-Media Website Contact Form with File Upload Arbitrary File Upload (2.1)

WordPress Plugin Adblock Blocker Arbitrary File Upload (0.0.1)

PleskLin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11583)

SugarCRM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-17312)

Severity

High

Classification

CVE-2014-3514 CWE-264

Tags

Missing Update Known Vulnerabilities