High severity vulnerability that affects activerecord

Withdrawn, accidental duplicate publish.

activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls.

Published: Aug 21, 2018
Updated: Apr 14, 2023
GHSA: GHSA-hm48-76wh-q86v
Severity: High
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
activerecord	4.0.0	4.0.9
activerecord	4.1.0	4.1.5

No references available.

Vulnerability Database

289,697

High severity vulnerability that affects activerecord