CVE-2013-0276 (retired)

Priority
Description
ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x
before 3.2.12 allows remote attackers to bypass the attr_protected
protection mechanism and modify protected model attributes via a crafted
request.
Notes
 mdeslaur> in Oneiric+, rails package is just for transition
Package
Upstream:ignored (reached end-of-life)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Patches:
Upstream:https://groups.google.com/group/rubyonrails-security/attach/bb44b98a73ef1a06/2-3-attr_protected.patch?part=3 (2.3)
Package
Upstream:released (3.2.12)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Patches:
Upstream:https://groups.google.com/group/rubyonrails-security/attach/bb44b98a73ef1a06/3-2-attr_protected.patch?part=6 (3.2)
More Information

Updated: 2019-08-23 08:52:15 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)