CVE-2014-3514 (retired)

Priority
Description
activerecord/lib/active_record/relation/query_methods.rb in Active Record
in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote
attackers to bypass the strong parameters protection mechanism via crafted
input to an application that makes create_with calls.
Notes
 sarnold> in Oneiric-Saucy, rails package is just for transition
 jdstrand> per Debian, only affects 4.0.0 and all later Versions
Package
Source: rails (LP Ubuntu Debian)
Upstream:not-affected
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (contains no code)
Package
Upstream:not-affected
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:not-affected
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Package
Upstream:ignored (reached end-of-life)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:not-affected
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Package
Upstream:ignored (reached end-of-life)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:not-affected
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Package
Upstream:ignored (reached end-of-life)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:not-affected
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Package
Upstream:ignored (reached end-of-life)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:not-affected
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
More Information

Updated: 2019-03-26 12:13:05 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)