Moderate severity vulnerability that affects activerecord

Withdrawn, accidental duplicate publish.

activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly implement a certain destroy option, which allows remote attackers to bypass intended change restrictions by leveraging use of the nested attributes feature.

Published: Sep 17, 2018
Updated: Apr 14, 2023
GHSA: GHSA-7phj-gmgx-2r66
Severity: Medium
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
activerecord	4.0.0	4.1.14.1
activerecord	4.2.0	4.2.5.1
activerecord	3.0.0	3.2.22.1

No references available.

Vulnerability Database

289,697

Moderate severity vulnerability that affects activerecord