Ruby on Rails 'create_with()' Function Security Bypass Vulnerability
BID:69265
Info
| Bugtraq ID: | 69265 |
| Class: | Access Validation Error |
| CVE: | CVE-2014-3514 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 18 2014 12:00AM |
| Updated: | Apr 13 2015 08:40PM |
| Credit: | Stephen Touset of Square. |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Ruby on Rails is prone to a security-bypass vulnerability.
An attacker can exploit this issue to bypass certain security restrictions and gain unauthorized access to the application, which may lead to further attacks.
Exploit / POC
Currently, we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References:
- Rails 4.0.9 and 4.1.5 have been released! (Ruby on Rails)
- [Ruby on Rails] [CVE-2014-3514] Strong Parameter bypass with create_with (Ruby on Rails)
- Ruby on Rails Home Page (Ruby on Rails)
- Important: ror40-rubygem-activerecord security update (Red Hat)