CVE-2010-3933

medium

Description

Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.

References

http://www.vupen.com/english/advisories/2010/2719

http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0

http://securitytracker.com/id?1024624

http://secunia.com/advisories/41930

Details

Source: Mitre, NVD

Published: 2010-10-28

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Severity: Medium