Ruby/activemodel/4.1.14
A toolkit for building modeling frameworks like Active Record. Rich support for attributes, callbacks, validations, serialization, internationalization, and testing.
https://rubygems.org/gems/activemodel
MIT
2 Security Vulnerabilities
activemodel contains Improper Input Validation
Published date: 2017-10-24T18:33:35Z
CVE: CVE-2016-0753
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2016-0753
- https://github.com/advisories/GHSA-543v-gj2c-r3ch
- https://groups.google.com/forum/message/raw?msg=ruby-security-ann/6jQVC1geukQ/3Iy0GU1ZEgAJ
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-February/178066.html
- http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.html
- http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html
- http://rhn.redhat.com/errata/RHSA-2016-0296.html
- http://www.debian.org/security/2016/dsa-3464
- http://www.openwall.com/lists/oss-security/2016/01/25/14
- http://www.securityfocus.com/bid/82247
- http://www.securitytracker.com/id/1034816
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activemodel/CVE-2016-0753.yml
- https://groups.google.com/forum/#!topic/rubyonrails-security/6jQVC1geukQ
- https://web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816
- https://web.archive.org/web/20200228000230/http://www.securityfocus.com/bid/82247
- https://web.archive.org/web/20210613054843/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/6jQVC1geukQ/3Iy0GU1ZEgAJ
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.
Affected versions:
["4.2.5", "4.2.5.rc2", "4.2.5.rc1", "4.2.4", "4.2.4.rc1", "4.2.3", "4.2.3.rc1", "4.2.2", "4.2.1", "4.2.1.rc4", "4.2.1.rc3", "4.2.1.rc2", "4.2.1.rc1", "4.2.0", "4.1.14", "4.1.14.rc2", "4.1.14.rc1", "4.1.13", "4.1.13.rc1", "4.1.12", "4.1.12.rc1", "4.1.11", "4.1.10", "4.1.10.rc4", "4.1.10.rc3", "4.1.10.rc2", "4.1.10.rc1", "4.1.9", "4.1.9.rc1", "4.1.8", "4.1.7.1", "4.1.7", "4.1.6", "4.1.6.rc2", "4.1.6.rc1", "4.1.5", "4.1.4", "4.1.3", "4.1.2", "4.1.2.rc3", "4.1.2.rc2", "4.1.2.rc1", "4.1.1", "4.1.0"]
Secure versions:
[6.1.0.rc1, 6.0.3.4, 6.0.3.3, 6.0.3.2, 6.0.3.1, 6.0.3, 6.0.3.rc1, 6.0.2.2, 6.0.2.1, 6.0.2, 6.0.2.rc2, 6.0.2.rc1, 6.0.1, 6.0.1.rc1, 6.0.0, 6.0.0.rc2, 6.0.0.rc1, 6.0.0.beta3, 6.0.0.beta2, 6.0.0.beta1, 5.2.4.4, 5.2.4.3, 5.2.4.2, 5.2.4.1, 5.2.4, 5.2.4.rc1, 5.2.3, 5.2.3.rc1, 5.2.2.1, 5.2.2, 5.2.2.rc1, 5.2.1.1, 5.2.1, 5.2.1.rc1, 5.2.0, 5.2.0.rc2, 5.2.0.rc1, 5.2.0.beta2, 5.2.0.beta1, 5.1.7, 5.1.7.rc1, 5.1.6.2, 5.1.6.1, 5.1.6, 5.1.5, 5.1.5.rc1, 5.1.4, 5.1.4.rc1, 5.1.3, 5.1.3.rc3, 5.1.3.rc2, 5.1.3.rc1, 5.1.2, 5.1.2.rc1, 5.1.1, 5.1.0, 5.1.0.rc2, 5.1.0.rc1, 5.1.0.beta1, 5.0.7.2, 5.0.7.1, 5.0.7, 5.0.6, 5.0.6.rc1, 5.0.5, 5.0.5.rc2, 5.0.5.rc1, 5.0.4, 5.0.4.rc1, 5.0.3, 5.0.2, 5.0.2.rc1, 5.0.1, 5.0.1.rc2, 5.0.1.rc1, 5.0.0.1, 5.0.0, 5.0.0.rc2, 5.0.0.rc1, 5.0.0.beta4, 5.0.0.beta3, 5.0.0.beta2, 5.0.0.beta1.1, 5.0.0.beta1, 4.2.11.3, 4.2.11.2, 4.2.11.1, 4.2.11, 4.2.10, 4.2.10.rc1, 4.2.9, 4.2.9.rc2, 4.2.9.rc1, 4.2.8, 4.2.8.rc1, 4.2.7.1, 4.2.7, 4.2.7.rc1, 4.2.6, 4.2.6.rc1, 4.2.5.2, 4.2.5.1, 4.2.0.rc3, 4.2.0.rc2, 4.2.0.rc1, 4.2.0.beta4, 4.2.0.beta3, 4.2.0.beta2, 4.2.0.beta1, 4.1.16, 4.1.16.rc1, 4.1.15, 4.1.15.rc1, 4.1.14.2, 4.1.14.1, 4.1.0.rc2, 4.1.0.rc1, 4.1.0.beta2, 4.1.0.beta1, 4.0.13, 4.0.13.rc1, 4.0.12, 4.0.11.1, 4.0.11, 4.0.10, 4.0.10.rc2, 4.0.10.rc1, 4.0.9, 4.0.8, 4.0.7, 4.0.6, 4.0.6.rc3, 4.0.6.rc2, 4.0.6.rc1, 4.0.5, 4.0.4, 4.0.4.rc1, 4.0.3, 4.0.2, 4.0.1, 4.0.1.rc4, 4.0.1.rc3, 4.0.1.rc2, 4.0.1.rc1, 4.0.0, 4.0.0.rc2, 4.0.0.rc1, 4.0.0.beta1, 3.2.22.5, 3.2.22.4, 3.2.22.3, 3.2.22.2, 3.2.22.1, 3.2.22, 3.2.21, 3.2.20, 3.2.19, 3.2.18, 3.2.17, 3.2.16, 3.2.15, 3.2.15.rc3, 3.2.15.rc2, 3.2.15.rc1, 3.2.14, 3.2.14.rc2, 3.2.14.rc1, 3.2.13, 3.2.13.rc2, 3.2.13.rc1, 3.2.12, 3.2.11, 3.2.10, 3.2.9, 3.2.9.rc3, 3.2.9.rc2, 3.2.9.rc1, 3.2.8, 3.2.8.rc2, 3.2.8.rc1, 3.2.7, 3.2.7.rc1, 3.2.6, 3.2.5, 3.2.4, 3.2.4.rc1, 3.2.3, 3.2.3.rc2, 3.2.3.rc1, 3.2.2, 3.2.2.rc1, 3.2.1, 3.2.0, 3.2.0.rc2, 3.2.0.rc1, 3.1.12, 3.1.11, 3.1.10, 3.1.9, 3.1.8, 3.1.7, 3.1.6, 3.1.5, 3.1.5.rc1, 3.1.4, 3.1.4.rc1, 3.1.3, 3.1.2, 3.1.2.rc2, 3.1.2.rc1, 3.1.1, 3.1.1.rc3, 3.1.1.rc2, 3.1.1.rc1, 3.1.0, 3.1.0.rc8, 3.1.0.rc6, 3.1.0.rc5, 3.1.0.rc4, 3.1.0.rc3, 3.1.0.rc2, 3.1.0.rc1, 3.1.0.beta1, 3.0.20, 3.0.19, 3.0.18, 3.0.17, 3.0.16, 3.0.15, 3.0.14, 3.0.13, 3.0.13.rc1, 3.0.12, 3.0.12.rc1, 3.0.11, 3.0.10, 3.0.10.rc1, 3.0.9, 3.0.9.rc5, 3.0.9.rc4, 3.0.9.rc3, 3.0.9.rc1, 3.0.8, 3.0.8.rc4, 3.0.8.rc2, 3.0.8.rc1, 3.0.7, 3.0.7.rc2, 3.0.7.rc1, 3.0.6, 3.0.6.rc2, 3.0.6.rc1, 3.0.5, 3.0.5.rc1, 3.0.4, 3.0.4.rc1, 3.0.3, 3.0.2, 3.0.1, 3.0.0, 3.0.0.rc2, 3.0.0.rc, 3.0.0.beta4, 3.0.0.beta3, 3.0.0.beta2, 3.0.0.beta, 3.0.pre, 6.1.0.rc2, 6.1.0, 6.1.1, 6.1.2, 6.1.2.1, 6.0.3.5, 5.2.4.5, 6.1.3, 6.1.3.1, 6.0.3.6, 5.2.5, 6.1.3.2, 6.0.3.7, 5.2.6, 5.2.4.6, 6.0.4, 6.1.4, 6.1.4.1, 6.0.4.1, 7.0.0.alpha2, 7.0.0.alpha1, 7.0.0.rc1, 7.0.0.rc3, 7.0.0.rc2, 6.1.4.3, 6.1.4.2, 6.0.4.3, 6.0.4.2, 6.1.4.4, 6.0.4.4, 7.0.0, 7.0.1, 7.0.2, 7.0.2.2, 7.0.2.1, 6.1.4.6, 6.1.4.5, 6.0.4.6, 6.0.4.5, 5.2.6.2, 5.2.6.1, 7.0.2.3, 6.1.4.7, 6.0.4.7, 5.2.6.3, 6.1.5, 5.2.7, 7.0.2.4, 6.1.5.1, 6.0.4.8, 5.2.7.1, 7.0.3, 6.1.6, 6.0.5, 5.2.8, 7.0.3.1, 6.1.6.1, 6.0.5.1, 5.2.8.1, 7.0.4, 6.1.7, 6.0.6, 7.0.4.1, 6.1.7.1, 6.0.6.1, 7.0.4.2, 6.1.7.2, 7.0.4.3, 6.1.7.3, 7.0.5, 7.0.5.1, 6.1.7.4, 7.0.6, 7.0.7, 7.0.7.2, 7.0.7.1, 6.1.7.6, 6.1.7.5, 7.0.8, 7.1.0.beta1, 7.1.0.rc1, 7.1.0.rc2, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.3.2, 7.1.3.1, 7.0.8.1, 6.1.7.7, 7.1.3.3, 7.0.8.2, 7.0.8.3, 7.2.0.beta1, 7.2.0.beta2, 7.1.3.4, 7.0.8.4, 6.1.7.8, 7.2.0.beta3, 7.2.0.rc1, 7.2.0, 7.2.1, 7.1.4, 8.0.0.beta1]
Recommendation:
Update to version 7.2.1.
Duplicate Advisory: Moderate severity vulnerability that affects activemodel
Published date: 2018-09-17T21:55:43Z
CVE: CVE-2016-0753
Links:
Duplicate advisory
This advisory has been withdrawn because it is a duplicate of GHSA-543v-gj2c-r3ch. This link is maintained to preserve external references.
Original Description
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.
Affected versions:
["4.2.5", "4.2.5.rc2", "4.2.5.rc1", "4.2.4", "4.2.4.rc1", "4.2.3", "4.2.3.rc1", "4.2.2", "4.2.1", "4.2.1.rc4", "4.2.1.rc3", "4.2.1.rc2", "4.2.1.rc1", "4.2.0", "4.1.14", "4.1.14.rc2", "4.1.14.rc1", "4.1.13", "4.1.13.rc1", "4.1.12", "4.1.12.rc1", "4.1.11", "4.1.10", "4.1.10.rc4", "4.1.10.rc3", "4.1.10.rc2", "4.1.10.rc1", "4.1.9", "4.1.9.rc1", "4.1.8", "4.1.7.1", "4.1.7", "4.1.6", "4.1.6.rc2", "4.1.6.rc1", "4.1.5", "4.1.4", "4.1.3", "4.1.2", "4.1.2.rc3", "4.1.2.rc2", "4.1.2.rc1", "4.1.1", "4.1.0"]
Secure versions:
[6.1.0.rc1, 6.0.3.4, 6.0.3.3, 6.0.3.2, 6.0.3.1, 6.0.3, 6.0.3.rc1, 6.0.2.2, 6.0.2.1, 6.0.2, 6.0.2.rc2, 6.0.2.rc1, 6.0.1, 6.0.1.rc1, 6.0.0, 6.0.0.rc2, 6.0.0.rc1, 6.0.0.beta3, 6.0.0.beta2, 6.0.0.beta1, 5.2.4.4, 5.2.4.3, 5.2.4.2, 5.2.4.1, 5.2.4, 5.2.4.rc1, 5.2.3, 5.2.3.rc1, 5.2.2.1, 5.2.2, 5.2.2.rc1, 5.2.1.1, 5.2.1, 5.2.1.rc1, 5.2.0, 5.2.0.rc2, 5.2.0.rc1, 5.2.0.beta2, 5.2.0.beta1, 5.1.7, 5.1.7.rc1, 5.1.6.2, 5.1.6.1, 5.1.6, 5.1.5, 5.1.5.rc1, 5.1.4, 5.1.4.rc1, 5.1.3, 5.1.3.rc3, 5.1.3.rc2, 5.1.3.rc1, 5.1.2, 5.1.2.rc1, 5.1.1, 5.1.0, 5.1.0.rc2, 5.1.0.rc1, 5.1.0.beta1, 5.0.7.2, 5.0.7.1, 5.0.7, 5.0.6, 5.0.6.rc1, 5.0.5, 5.0.5.rc2, 5.0.5.rc1, 5.0.4, 5.0.4.rc1, 5.0.3, 5.0.2, 5.0.2.rc1, 5.0.1, 5.0.1.rc2, 5.0.1.rc1, 5.0.0.1, 5.0.0, 5.0.0.rc2, 5.0.0.rc1, 5.0.0.beta4, 5.0.0.beta3, 5.0.0.beta2, 5.0.0.beta1.1, 5.0.0.beta1, 4.2.11.3, 4.2.11.2, 4.2.11.1, 4.2.11, 4.2.10, 4.2.10.rc1, 4.2.9, 4.2.9.rc2, 4.2.9.rc1, 4.2.8, 4.2.8.rc1, 4.2.7.1, 4.2.7, 4.2.7.rc1, 4.2.6, 4.2.6.rc1, 4.2.5.2, 4.2.5.1, 4.2.0.rc3, 4.2.0.rc2, 4.2.0.rc1, 4.2.0.beta4, 4.2.0.beta3, 4.2.0.beta2, 4.2.0.beta1, 4.1.16, 4.1.16.rc1, 4.1.15, 4.1.15.rc1, 4.1.14.2, 4.1.14.1, 4.1.0.rc2, 4.1.0.rc1, 4.1.0.beta2, 4.1.0.beta1, 4.0.13, 4.0.13.rc1, 4.0.12, 4.0.11.1, 4.0.11, 4.0.10, 4.0.10.rc2, 4.0.10.rc1, 4.0.9, 4.0.8, 4.0.7, 4.0.6, 4.0.6.rc3, 4.0.6.rc2, 4.0.6.rc1, 4.0.5, 4.0.4, 4.0.4.rc1, 4.0.3, 4.0.2, 4.0.1, 4.0.1.rc4, 4.0.1.rc3, 4.0.1.rc2, 4.0.1.rc1, 4.0.0, 4.0.0.rc2, 4.0.0.rc1, 4.0.0.beta1, 3.2.22.5, 3.2.22.4, 3.2.22.3, 3.2.22.2, 3.2.22.1, 3.2.22, 3.2.21, 3.2.20, 3.2.19, 3.2.18, 3.2.17, 3.2.16, 3.2.15, 3.2.15.rc3, 3.2.15.rc2, 3.2.15.rc1, 3.2.14, 3.2.14.rc2, 3.2.14.rc1, 3.2.13, 3.2.13.rc2, 3.2.13.rc1, 3.2.12, 3.2.11, 3.2.10, 3.2.9, 3.2.9.rc3, 3.2.9.rc2, 3.2.9.rc1, 3.2.8, 3.2.8.rc2, 3.2.8.rc1, 3.2.7, 3.2.7.rc1, 3.2.6, 3.2.5, 3.2.4, 3.2.4.rc1, 3.2.3, 3.2.3.rc2, 3.2.3.rc1, 3.2.2, 3.2.2.rc1, 3.2.1, 3.2.0, 3.2.0.rc2, 3.2.0.rc1, 3.1.12, 3.1.11, 3.1.10, 3.1.9, 3.1.8, 3.1.7, 3.1.6, 3.1.5, 3.1.5.rc1, 3.1.4, 3.1.4.rc1, 3.1.3, 3.1.2, 3.1.2.rc2, 3.1.2.rc1, 3.1.1, 3.1.1.rc3, 3.1.1.rc2, 3.1.1.rc1, 3.1.0, 3.1.0.rc8, 3.1.0.rc6, 3.1.0.rc5, 3.1.0.rc4, 3.1.0.rc3, 3.1.0.rc2, 3.1.0.rc1, 3.1.0.beta1, 3.0.20, 3.0.19, 3.0.18, 3.0.17, 3.0.16, 3.0.15, 3.0.14, 3.0.13, 3.0.13.rc1, 3.0.12, 3.0.12.rc1, 3.0.11, 3.0.10, 3.0.10.rc1, 3.0.9, 3.0.9.rc5, 3.0.9.rc4, 3.0.9.rc3, 3.0.9.rc1, 3.0.8, 3.0.8.rc4, 3.0.8.rc2, 3.0.8.rc1, 3.0.7, 3.0.7.rc2, 3.0.7.rc1, 3.0.6, 3.0.6.rc2, 3.0.6.rc1, 3.0.5, 3.0.5.rc1, 3.0.4, 3.0.4.rc1, 3.0.3, 3.0.2, 3.0.1, 3.0.0, 3.0.0.rc2, 3.0.0.rc, 3.0.0.beta4, 3.0.0.beta3, 3.0.0.beta2, 3.0.0.beta, 3.0.pre, 6.1.0.rc2, 6.1.0, 6.1.1, 6.1.2, 6.1.2.1, 6.0.3.5, 5.2.4.5, 6.1.3, 6.1.3.1, 6.0.3.6, 5.2.5, 6.1.3.2, 6.0.3.7, 5.2.6, 5.2.4.6, 6.0.4, 6.1.4, 6.1.4.1, 6.0.4.1, 7.0.0.alpha2, 7.0.0.alpha1, 7.0.0.rc1, 7.0.0.rc3, 7.0.0.rc2, 6.1.4.3, 6.1.4.2, 6.0.4.3, 6.0.4.2, 6.1.4.4, 6.0.4.4, 7.0.0, 7.0.1, 7.0.2, 7.0.2.2, 7.0.2.1, 6.1.4.6, 6.1.4.5, 6.0.4.6, 6.0.4.5, 5.2.6.2, 5.2.6.1, 7.0.2.3, 6.1.4.7, 6.0.4.7, 5.2.6.3, 6.1.5, 5.2.7, 7.0.2.4, 6.1.5.1, 6.0.4.8, 5.2.7.1, 7.0.3, 6.1.6, 6.0.5, 5.2.8, 7.0.3.1, 6.1.6.1, 6.0.5.1, 5.2.8.1, 7.0.4, 6.1.7, 6.0.6, 7.0.4.1, 6.1.7.1, 6.0.6.1, 7.0.4.2, 6.1.7.2, 7.0.4.3, 6.1.7.3, 7.0.5, 7.0.5.1, 6.1.7.4, 7.0.6, 7.0.7, 7.0.7.2, 7.0.7.1, 6.1.7.6, 6.1.7.5, 7.0.8, 7.1.0.beta1, 7.1.0.rc1, 7.1.0.rc2, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.3.2, 7.1.3.1, 7.0.8.1, 6.1.7.7, 7.1.3.3, 7.0.8.2, 7.0.8.3, 7.2.0.beta1, 7.2.0.beta2, 7.1.3.4, 7.0.8.4, 6.1.7.8, 7.2.0.beta3, 7.2.0.rc1, 7.2.0, 7.2.1, 7.1.4, 8.0.0.beta1]
Recommendation:
Update to version 7.2.1.
416 Other Versions
| Version | License | Security | Released | |
|---|---|---|---|---|
| 3.0.6.rc1 | UNKNOWN | 2011-03-29 - 20:43 | over 13 years | |
| 3.0.5 | UNKNOWN | 2011-02-27 - 02:30 | over 13 years | |
| 3.0.5.rc1 | UNKNOWN | 2011-02-23 - 19:07 | over 13 years | |
| 3.0.4 | UNKNOWN | 2011-02-08 - 21:16 | over 13 years | |
| 3.0.4.rc1 | UNKNOWN | 2011-01-30 - 22:59 | over 13 years | |
| 3.0.3 | UNKNOWN | 2010-11-16 - 16:27 | almost 14 years | |
| 3.0.2 | UNKNOWN | 2010-11-15 - 19:33 | almost 14 years | |
| 3.0.1 | UNKNOWN | 2010-10-14 - 20:55 | almost 14 years | |
| 3.0.0 | UNKNOWN | 2010-08-29 - 23:10 | about 14 years | |
| 3.0.pre | UNKNOWN | 2009-10-16 - 22:14 | almost 15 years | |
| 3.0.0.rc2 | UNKNOWN | 2010-08-24 - 03:04 | about 14 years | |
| 3.0.0.rc | UNKNOWN | 2010-07-26 - 21:42 | about 14 years | |
| 3.0.0.beta4 | UNKNOWN | 2010-06-08 - 22:30 | over 14 years | |
| 3.0.0.beta3 | UNKNOWN | 2010-04-13 - 19:22 | over 14 years | |
| 3.0.0.beta2 | UNKNOWN | 2010-04-01 - 21:24 | over 14 years | |
| 3.0.0.beta | UNKNOWN | 2010-02-05 - 03:00 | over 14 years |