PT-2016-1365 · Ruby · Ruby On Rails

John Backus

·

Published

2016-01-31

·

Updated

2023-05-19

·

CVE-2016-0753

CVSS v3.1

5.3

Medium

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Ruby on Rails versions 4.1.x through 4.1.14, Ruby on Rails versions 4.2.x through 4.2.5, Ruby on Rails versions 5.x through 5.0.0.beta1

Description: The issue lies in the Active Model component of Ruby on Rails, which supports instance-level writers for class accessors. Because these writers are reachable through attribute assignment, remote attackers can bypass intended validation steps via crafted parameters.

Recommendations: For Ruby on Rails versions 4.1.x through 4.1.14, update to version 4.1.14.1 or later. For Ruby on Rails versions 4.2.x through 4.2.5, update to version 4.2.5.1 or later. For Ruby on Rails versions 5.x through 5.0.0.beta1, update to version 5.0.0.beta1.1 or later.

Exploit

Fix

RCE

Weakness Enumeration

Related identifiers

BDU:2016-00664
CVE-2016-0753
DLA-498-1
DLA-641-1
DLA-642-1
DSA-3464-1
GHSA-543V-GJ2C-R3CH
GHSA-V543-GQHH-6GWW
RHSA-2016:0296
SUSE-SU-2016:0432-1
SUSE-SU-2016:0435-1
SUSE-SU-2016:0458-1
SUSE-SU-2016:0597-1
SUSE-SU-2016:0598-1
SUSE-SU-2016:0600-1
SUSE-SU-2016:1146-1

Affected products

Ruby On Rails
Suse