Ruby/activemodel/4.1.10.rc2
A toolkit for building modeling frameworks like Active Record. Rich support for attributes, callbacks, validations, serialization, internationalization, and testing.
https://rubygems.org/gems/activemodel
MIT
2 Security Vulnerabilities
activemodel contains Improper Input Validation
Published date: 2017-10-24T18:33:35Z
CVE: CVE-2016-0753
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2016-0753
- https://github.com/advisories/GHSA-543v-gj2c-r3ch
- https://groups.google.com/forum/message/raw?msg=ruby-security-ann/6jQVC1geukQ/3Iy0GU1ZEgAJ
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178066.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html
- http://rhn.redhat.com/errata/RHSA-2016-0296.html
- http://www.debian.org/security/2016/dsa-3464
- http://www.openwall.com/lists/oss-security/2016/01/25/14
- http://www.securityfocus.com/bid/82247
- http://www.securitytracker.com/id/1034816
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activemodel/CVE-2016-0753.yml
- https://groups.google.com/forum/#!topic/rubyonrails-security/6jQVC1geukQ
- https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816
- https://web.archive.org/web/20200228000230/http://www.securityfocus.com/bid/82247
- https://web.archive.org/web/20210613054843/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/6jQVC1geukQ/3Iy0GU1ZEgAJ
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.
Affected versions:
["4.2.5", "4.2.5.rc2", "4.2.5.rc1", "4.2.4", "4.2.4.rc1", "4.2.3", "4.2.3.rc1", "4.2.2", "4.2.1", "4.2.1.rc4", "4.2.1.rc3", "4.2.1.rc2", "4.2.1.rc1", "4.2.0", "4.1.14", "4.1.14.rc2", "4.1.14.rc1", "4.1.13", "4.1.13.rc1", "4.1.12", "4.1.12.rc1", "4.1.11", "4.1.10", "4.1.10.rc4", "4.1.10.rc3", "4.1.10.rc2", "4.1.10.rc1", "4.1.9", "4.1.9.rc1", "4.1.8", "4.1.7.1", "4.1.7", "4.1.6", "4.1.6.rc2", "4.1.6.rc1", "4.1.5", "4.1.4", "4.1.3", "4.1.2", "4.1.2.rc3", "4.1.2.rc2", "4.1.2.rc1", "4.1.1", "4.1.0"]
Secure versions:
[6.1.0.rc1, 6.0.3.4, 6.0.3.3, 6.0.3.2, 6.0.3.1, 6.0.3, 6.0.3.rc1, 6.0.2.2, 6.0.2.1, 6.0.2, 6.0.2.rc2, 6.0.2.rc1, 6.0.1, 6.0.1.rc1, 6.0.0, 6.0.0.rc2, 6.0.0.rc1, 6.0.0.beta3, 6.0.0.beta2, 6.0.0.beta1, 5.2.4.4, 5.2.4.3, 5.2.4.2, 5.2.4.1, 5.2.4, 5.2.4.rc1, 5.2.3, 5.2.3.rc1, 5.2.2.1, 5.2.2, 5.2.2.rc1, 5.2.1.1, 5.2.1, 5.2.1.rc1, 5.2.0, 5.2.0.rc2, 5.2.0.rc1, 5.2.0.beta2, 5.2.0.beta1, 5.1.7, 5.1.7.rc1, 5.1.6.2, 5.1.6.1, 5.1.6, 5.1.5, 5.1.5.rc1, 5.1.4, 5.1.4.rc1, 5.1.3, 5.1.3.rc3, 5.1.3.rc2, 5.1.3.rc1, 5.1.2, 5.1.2.rc1, 5.1.1, 5.1.0, 5.1.0.rc2, 5.1.0.rc1, 5.1.0.beta1, 5.0.7.2, 5.0.7.1, 5.0.7, 5.0.6, 5.0.6.rc1, 5.0.5, 5.0.5.rc2, 5.0.5.rc1, 5.0.4, 5.0.4.rc1, 5.0.3, 5.0.2, 5.0.2.rc1, 5.0.1, 5.0.1.rc2, 5.0.1.rc1, 5.0.0.1, 5.0.0, 5.0.0.rc2, 5.0.0.rc1, 5.0.0.beta4, 5.0.0.beta3, 5.0.0.beta2, 5.0.0.beta1.1, 5.0.0.beta1, 4.2.11.3, 4.2.11.2, 4.2.11.1, 4.2.11, 4.2.10, 4.2.10.rc1, 4.2.9, 4.2.9.rc2, 4.2.9.rc1, 4.2.8, 4.2.8.rc1, 4.2.7.1, 4.2.7, 4.2.7.rc1, 4.2.6, 4.2.6.rc1, 4.2.5.2, 4.2.5.1, 4.2.0.rc3, 4.2.0.rc2, 4.2.0.rc1, 4.2.0.beta4, 4.2.0.beta3, 4.2.0.beta2, 4.2.0.beta1, 4.1.16, 4.1.16.rc1, 4.1.15, 4.1.15.rc1, 4.1.14.2, 4.1.14.1, 4.1.0.rc2, 4.1.0.rc1, 4.1.0.beta2, 4.1.0.beta1, 4.0.13, 4.0.13.rc1, 4.0.12, 4.0.11.1, 4.0.11, 4.0.10, 4.0.10.rc2, 4.0.10.rc1, 4.0.9, 4.0.8, 4.0.7, 4.0.6, 4.0.6.rc3, 4.0.6.rc2, 4.0.6.rc1, 4.0.5, 4.0.4, 4.0.4.rc1, 4.0.3, 4.0.2, 4.0.1, 4.0.1.rc4, 4.0.1.rc3, 4.0.1.rc2, 4.0.1.rc1, 4.0.0, 4.0.0.rc2, 4.0.0.rc1, 4.0.0.beta1, 3.2.22.5, 3.2.22.4, 3.2.22.3, 3.2.22.2, 3.2.22.1, 3.2.22, 3.2.21, 3.2.20, 3.2.19, 3.2.18, 3.2.17, 3.2.16, 3.2.15, 3.2.15.rc3, 3.2.15.rc2, 3.2.15.rc1, 3.2.14, 3.2.14.rc2, 3.2.14.rc1, 3.2.13, 3.2.13.rc2, 3.2.13.rc1, 3.2.12, 3.2.11, 3.2.10, 3.2.9, 3.2.9.rc3, 3.2.9.rc2, 3.2.9.rc1, 3.2.8, 3.2.8.rc2, 3.2.8.rc1, 3.2.7, 3.2.7.rc1, 3.2.6, 3.2.5, 3.2.4, 3.2.4.rc1, 3.2.3, 3.2.3.rc2, 3.2.3.rc1, 3.2.2, 3.2.2.rc1, 3.2.1, 3.2.0, 3.2.0.rc2, 3.2.0.rc1, 3.1.12, 3.1.11, 3.1.10, 3.1.9, 3.1.8, 3.1.7, 3.1.6, 3.1.5, 3.1.5.rc1, 3.1.4, 3.1.4.rc1, 3.1.3, 3.1.2, 3.1.2.rc2, 3.1.2.rc1, 3.1.1, 3.1.1.rc3, 3.1.1.rc2, 3.1.1.rc1, 3.1.0, 3.1.0.rc8, 3.1.0.rc6, 3.1.0.rc5, 3.1.0.rc4, 3.1.0.rc3, 3.1.0.rc2, 3.1.0.rc1, 3.1.0.beta1, 3.0.20, 3.0.19, 3.0.18, 3.0.17, 3.0.16, 3.0.15, 3.0.14, 3.0.13, 3.0.13.rc1, 3.0.12, 3.0.12.rc1, 3.0.11, 3.0.10, 3.0.10.rc1, 3.0.9, 3.0.9.rc5, 3.0.9.rc4, 3.0.9.rc3, 3.0.9.rc1, 3.0.8, 3.0.8.rc4, 3.0.8.rc2, 3.0.8.rc1, 3.0.7, 3.0.7.rc2, 3.0.7.rc1, 3.0.6, 3.0.6.rc2, 3.0.6.rc1, 3.0.5, 3.0.5.rc1, 3.0.4, 3.0.4.rc1, 3.0.3, 3.0.2, 3.0.1, 3.0.0, 3.0.0.rc2, 3.0.0.rc, 3.0.0.beta4, 3.0.0.beta3, 3.0.0.beta2, 3.0.0.beta, 3.0.pre, 6.1.0.rc2, 6.1.0, 6.1.1, 6.1.2, 6.1.2.1, 6.0.3.5, 5.2.4.5, 6.1.3, 6.1.3.1, 6.0.3.6, 5.2.5, 6.1.3.2, 6.0.3.7, 5.2.6, 5.2.4.6, 6.0.4, 6.1.4, 6.1.4.1, 6.0.4.1, 7.0.0.alpha2, 7.0.0.alpha1, 7.0.0.rc1, 7.0.0.rc3, 7.0.0.rc2, 6.1.4.3, 6.1.4.2, 6.0.4.3, 6.0.4.2, 6.1.4.4, 6.0.4.4, 7.0.0, 7.0.1, 7.0.2, 7.0.2.2, 7.0.2.1, 6.1.4.6, 6.1.4.5, 6.0.4.6, 6.0.4.5, 5.2.6.2, 5.2.6.1, 7.0.2.3, 6.1.4.7, 6.0.4.7, 5.2.6.3, 6.1.5, 5.2.7, 7.0.2.4, 6.1.5.1, 6.0.4.8, 5.2.7.1, 7.0.3, 6.1.6, 6.0.5, 5.2.8, 7.0.3.1, 6.1.6.1, 6.0.5.1, 5.2.8.1, 7.0.4, 6.1.7, 6.0.6, 7.0.4.1, 6.1.7.1, 6.0.6.1, 7.0.4.2, 6.1.7.2, 7.0.4.3, 6.1.7.3, 7.0.5, 7.0.5.1, 6.1.7.4, 7.0.6, 7.0.7, 7.0.7.2, 7.0.7.1, 6.1.7.6, 6.1.7.5, 7.0.8, 7.1.0.beta1, 7.1.0.rc1, 7.1.0.rc2, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.3.2, 7.1.3.1, 7.0.8.1, 6.1.7.7, 7.1.3.3, 7.0.8.2, 7.0.8.3, 7.2.0.beta1, 7.2.0.beta2, 7.1.3.4, 7.0.8.4, 6.1.7.8]
Recommendation:
Update to version 7.1.3.4.
Duplicate Advisory: Moderate severity vulnerability that affects activemodel
Published date: 2018-09-17T21:55:43Z
CVE: CVE-2016-0753
Links:
Duplicate advisory
This advisory has been withdrawn because it is a duplicate of GHSA-543v-gj2c-r3ch. This link is maintained to preserve external references.
Original Description
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.
Affected versions:
["4.2.5", "4.2.5.rc2", "4.2.5.rc1", "4.2.4", "4.2.4.rc1", "4.2.3", "4.2.3.rc1", "4.2.2", "4.2.1", "4.2.1.rc4", "4.2.1.rc3", "4.2.1.rc2", "4.2.1.rc1", "4.2.0", "4.1.14", "4.1.14.rc2", "4.1.14.rc1", "4.1.13", "4.1.13.rc1", "4.1.12", "4.1.12.rc1", "4.1.11", "4.1.10", "4.1.10.rc4", "4.1.10.rc3", "4.1.10.rc2", "4.1.10.rc1", "4.1.9", "4.1.9.rc1", "4.1.8", "4.1.7.1", "4.1.7", "4.1.6", "4.1.6.rc2", "4.1.6.rc1", "4.1.5", "4.1.4", "4.1.3", "4.1.2", "4.1.2.rc3", "4.1.2.rc2", "4.1.2.rc1", "4.1.1", "4.1.0"]
Secure versions:
[6.1.0.rc1, 6.0.3.4, 6.0.3.3, 6.0.3.2, 6.0.3.1, 6.0.3, 6.0.3.rc1, 6.0.2.2, 6.0.2.1, 6.0.2, 6.0.2.rc2, 6.0.2.rc1, 6.0.1, 6.0.1.rc1, 6.0.0, 6.0.0.rc2, 6.0.0.rc1, 6.0.0.beta3, 6.0.0.beta2, 6.0.0.beta1, 5.2.4.4, 5.2.4.3, 5.2.4.2, 5.2.4.1, 5.2.4, 5.2.4.rc1, 5.2.3, 5.2.3.rc1, 5.2.2.1, 5.2.2, 5.2.2.rc1, 5.2.1.1, 5.2.1, 5.2.1.rc1, 5.2.0, 5.2.0.rc2, 5.2.0.rc1, 5.2.0.beta2, 5.2.0.beta1, 5.1.7, 5.1.7.rc1, 5.1.6.2, 5.1.6.1, 5.1.6, 5.1.5, 5.1.5.rc1, 5.1.4, 5.1.4.rc1, 5.1.3, 5.1.3.rc3, 5.1.3.rc2, 5.1.3.rc1, 5.1.2, 5.1.2.rc1, 5.1.1, 5.1.0, 5.1.0.rc2, 5.1.0.rc1, 5.1.0.beta1, 5.0.7.2, 5.0.7.1, 5.0.7, 5.0.6, 5.0.6.rc1, 5.0.5, 5.0.5.rc2, 5.0.5.rc1, 5.0.4, 5.0.4.rc1, 5.0.3, 5.0.2, 5.0.2.rc1, 5.0.1, 5.0.1.rc2, 5.0.1.rc1, 5.0.0.1, 5.0.0, 5.0.0.rc2, 5.0.0.rc1, 5.0.0.beta4, 5.0.0.beta3, 5.0.0.beta2, 5.0.0.beta1.1, 5.0.0.beta1, 4.2.11.3, 4.2.11.2, 4.2.11.1, 4.2.11, 4.2.10, 4.2.10.rc1, 4.2.9, 4.2.9.rc2, 4.2.9.rc1, 4.2.8, 4.2.8.rc1, 4.2.7.1, 4.2.7, 4.2.7.rc1, 4.2.6, 4.2.6.rc1, 4.2.5.2, 4.2.5.1, 4.2.0.rc3, 4.2.0.rc2, 4.2.0.rc1, 4.2.0.beta4, 4.2.0.beta3, 4.2.0.beta2, 4.2.0.beta1, 4.1.16, 4.1.16.rc1, 4.1.15, 4.1.15.rc1, 4.1.14.2, 4.1.14.1, 4.1.0.rc2, 4.1.0.rc1, 4.1.0.beta2, 4.1.0.beta1, 4.0.13, 4.0.13.rc1, 4.0.12, 4.0.11.1, 4.0.11, 4.0.10, 4.0.10.rc2, 4.0.10.rc1, 4.0.9, 4.0.8, 4.0.7, 4.0.6, 4.0.6.rc3, 4.0.6.rc2, 4.0.6.rc1, 4.0.5, 4.0.4, 4.0.4.rc1, 4.0.3, 4.0.2, 4.0.1, 4.0.1.rc4, 4.0.1.rc3, 4.0.1.rc2, 4.0.1.rc1, 4.0.0, 4.0.0.rc2, 4.0.0.rc1, 4.0.0.beta1, 3.2.22.5, 3.2.22.4, 3.2.22.3, 3.2.22.2, 3.2.22.1, 3.2.22, 3.2.21, 3.2.20, 3.2.19, 3.2.18, 3.2.17, 3.2.16, 3.2.15, 3.2.15.rc3, 3.2.15.rc2, 3.2.15.rc1, 3.2.14, 3.2.14.rc2, 3.2.14.rc1, 3.2.13, 3.2.13.rc2, 3.2.13.rc1, 3.2.12, 3.2.11, 3.2.10, 3.2.9, 3.2.9.rc3, 3.2.9.rc2, 3.2.9.rc1, 3.2.8, 3.2.8.rc2, 3.2.8.rc1, 3.2.7, 3.2.7.rc1, 3.2.6, 3.2.5, 3.2.4, 3.2.4.rc1, 3.2.3, 3.2.3.rc2, 3.2.3.rc1, 3.2.2, 3.2.2.rc1, 3.2.1, 3.2.0, 3.2.0.rc2, 3.2.0.rc1, 3.1.12, 3.1.11, 3.1.10, 3.1.9, 3.1.8, 3.1.7, 3.1.6, 3.1.5, 3.1.5.rc1, 3.1.4, 3.1.4.rc1, 3.1.3, 3.1.2, 3.1.2.rc2, 3.1.2.rc1, 3.1.1, 3.1.1.rc3, 3.1.1.rc2, 3.1.1.rc1, 3.1.0, 3.1.0.rc8, 3.1.0.rc6, 3.1.0.rc5, 3.1.0.rc4, 3.1.0.rc3, 3.1.0.rc2, 3.1.0.rc1, 3.1.0.beta1, 3.0.20, 3.0.19, 3.0.18, 3.0.17, 3.0.16, 3.0.15, 3.0.14, 3.0.13, 3.0.13.rc1, 3.0.12, 3.0.12.rc1, 3.0.11, 3.0.10, 3.0.10.rc1, 3.0.9, 3.0.9.rc5, 3.0.9.rc4, 3.0.9.rc3, 3.0.9.rc1, 3.0.8, 3.0.8.rc4, 3.0.8.rc2, 3.0.8.rc1, 3.0.7, 3.0.7.rc2, 3.0.7.rc1, 3.0.6, 3.0.6.rc2, 3.0.6.rc1, 3.0.5, 3.0.5.rc1, 3.0.4, 3.0.4.rc1, 3.0.3, 3.0.2, 3.0.1, 3.0.0, 3.0.0.rc2, 3.0.0.rc, 3.0.0.beta4, 3.0.0.beta3, 3.0.0.beta2, 3.0.0.beta, 3.0.pre, 6.1.0.rc2, 6.1.0, 6.1.1, 6.1.2, 6.1.2.1, 6.0.3.5, 5.2.4.5, 6.1.3, 6.1.3.1, 6.0.3.6, 5.2.5, 6.1.3.2, 6.0.3.7, 5.2.6, 5.2.4.6, 6.0.4, 6.1.4, 6.1.4.1, 6.0.4.1, 7.0.0.alpha2, 7.0.0.alpha1, 7.0.0.rc1, 7.0.0.rc3, 7.0.0.rc2, 6.1.4.3, 6.1.4.2, 6.0.4.3, 6.0.4.2, 6.1.4.4, 6.0.4.4, 7.0.0, 7.0.1, 7.0.2, 7.0.2.2, 7.0.2.1, 6.1.4.6, 6.1.4.5, 6.0.4.6, 6.0.4.5, 5.2.6.2, 5.2.6.1, 7.0.2.3, 6.1.4.7, 6.0.4.7, 5.2.6.3, 6.1.5, 5.2.7, 7.0.2.4, 6.1.5.1, 6.0.4.8, 5.2.7.1, 7.0.3, 6.1.6, 6.0.5, 5.2.8, 7.0.3.1, 6.1.6.1, 6.0.5.1, 5.2.8.1, 7.0.4, 6.1.7, 6.0.6, 7.0.4.1, 6.1.7.1, 6.0.6.1, 7.0.4.2, 6.1.7.2, 7.0.4.3, 6.1.7.3, 7.0.5, 7.0.5.1, 6.1.7.4, 7.0.6, 7.0.7, 7.0.7.2, 7.0.7.1, 6.1.7.6, 6.1.7.5, 7.0.8, 7.1.0.beta1, 7.1.0.rc1, 7.1.0.rc2, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.3.2, 7.1.3.1, 7.0.8.1, 6.1.7.7, 7.1.3.3, 7.0.8.2, 7.0.8.3, 7.2.0.beta1, 7.2.0.beta2, 7.1.3.4, 7.0.8.4, 6.1.7.8]
Recommendation:
Update to version 7.1.3.4.
410 Other Versions
| Version | License | Security | Released | |
|---|---|---|---|---|
| 3.0.2 | UNKNOWN | 2010-11-15 - 19:33 | over 13 years | |
| 3.0.1 | UNKNOWN | 2010-10-14 - 20:55 | over 13 years | |
| 3.0.0 | UNKNOWN | 2010-08-29 - 23:10 | almost 14 years | |
| 3.0.pre | UNKNOWN | 2009-10-16 - 22:14 | over 14 years | |
| 3.0.0.rc2 | UNKNOWN | 2010-08-24 - 03:04 | almost 14 years | |
| 3.0.0.rc | UNKNOWN | 2010-07-26 - 21:42 | almost 14 years | |
| 3.0.0.beta4 | UNKNOWN | 2010-06-08 - 22:30 | about 14 years | |
| 3.0.0.beta3 | UNKNOWN | 2010-04-13 - 19:22 | about 14 years | |
| 3.0.0.beta2 | UNKNOWN | 2010-04-01 - 21:24 | about 14 years | |
| 3.0.0.beta | UNKNOWN | 2010-02-05 - 03:00 | over 14 years |