CVE-2010-3933
published 2010-10-28CVE-2010-3933: Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of…
PriorityP336medium6.4CVSS 2.0
AVNACLAuNCNIPAP
EPSS
2.25%
80.6th percentile
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| activerecord_project | activerecord | >= 2.3.9 < 2.3.10 | 2.3.10 |
| activerecord_project | activerecord | >= 3.0.0 < 3.0.1 | 3.0.1 |
| debian | rails | — | — |
| rubyonrails | rails | — | — |
| rubyonrails | rails | — | — |
CVSS provenance
nvdv2.06.4MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:P
vendor_debian6.4LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Rails activerecord gem has Improper Input Validation vulnerability
ghsa·2017-10-24
CVE-2010-3933 [MEDIUM] CWE-20 Rails activerecord gem has Improper Input Validation vulnerability
Rails activerecord gem has Improper Input Validation vulnerability
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.
OSV
Rails activerecord gem has Improper Input Validation vulnerability
osv·2017-10-24
CVE-2010-3933 [MEDIUM] Rails activerecord gem has Improper Input Validation vulnerability
Rails activerecord gem has Improper Input Validation vulnerability
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.
Debian
CVE-2010-3933: rails - Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which ...
vendor_debian·2010·CVSS 6.4
CVE-2010-3933 [MEDIUM] CVE-2010-3933: rails - Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which ...
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.
http://secunia.com/advisories/41930http://securitytracker.com/id?1024624http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0http://www.vupen.com/english/advisories/2010/2719http://secunia.com/advisories/41930http://securitytracker.com/id?1024624http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0http://www.vupen.com/english/advisories/2010/2719
2010-10-28
Published