CVE-2016-0753

rubygem-activerecord: possible input validation circumvention in Active Model

Severity Score

5.3

*CVSS v3.1

Exploit Likelihood

1.8%

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.

Active Model en Ruby on Rails 4.1.x en versiones anteriores a 4.1.14.1, 4.2.x en versiones anteriores a 4.2.5.1 y 5.x en versiones anteriores a 5.0.0.beta1.1 soporta el uso de los escritores a nivel de instancia para descriptores de acceso de clase, lo que permite a atacantes remotos eludir los pasos destinados a la validación a través de parámetros manipulados.

A flaw was found in the way the Active Model based models processed attributes. An attacker with the ability to pass arbitrary attributes to models could possibly use this flaw to bypass input validation.

The rh-ror41 collection provides Ruby on Rails version 4.1. Ruby on Rails is a model-view-controller framework for web application development. The following issue was corrected in rubygem-actionpack and rubygem-actionview: A directory traversal flaw was found in the way the Action View component searched for templates for rendering. If an application passed untrusted input to the 'render' method, a remote, unauthenticated attacker could use this to render unexpected files and, possibly, execute arbitrary code.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-12-16 CVE Reserved
2016-02-01 CVE Published
2024-08-05 CVE Updated
2025-04-08 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (15)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2016/01/25/14	Mailing List
http://www.securityfocus.com/bid/82247	Broken Link
http://www.securitytracker.com/id/1034816	Broken Link
https://groups.google.com/forum/message/raw?msg=ruby-security-ann/6jQVC1geukQ...	Broken Link

1 - 4 of 4

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.fedoraproject.org/pipermail/package-announce/2016-Fe...	2023-05-19
http://lists.fedoraproject.org/pipermail/package-announce/2016-Fe...	2023-05-19
http://lists.fedoraproject.org/pipermail/package-announce/2016-Fe...	2023-05-19
http://lists.fedoraproject.org/pipermail/package-announce/2016-Fe...	2023-05-19
http://lists.fedoraproject.org/pipermail/package-announce/2016-Fe...	2023-05-19
http://lists.opensuse.org/opensuse-security-announce/2016-04/msg0...	2023-05-19
http://lists.opensuse.org/opensuse-updates/2016-02/msg00043.html	2023-05-19
http://rhn.redhat.com/errata/RHSA-2016-0296.html	2023-05-19
http://www.debian.org/security/2016/dsa-3464	2023-05-19
https://access.redhat.com/security/cve/CVE-2016-0753	2016-02-24

1 - 10 of 11

Affected Vendors, Products, and Versions (7)

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Rubyonrails Search vendor "Rubyonrails"		Rails Search vendor "Rubyonrails" for product "Rails"				>= 4.1.0 < 4.1.14.1 Search vendor "Rubyonrails" for product "Rails" and version " >= 4.1.0 < 4.1.14.1"		-		Affected
Rubyonrails Search vendor "Rubyonrails"		Rails Search vendor "Rubyonrails" for product "Rails"				>= 4.2.0 < 4.2.5.1 Search vendor "Rubyonrails" for product "Rails" and version " >= 4.2.0 < 4.2.5.1"		-		Affected
Rubyonrails Search vendor "Rubyonrails"		Rails Search vendor "Rubyonrails" for product "Rails"				5.0.0 Search vendor "Rubyonrails" for product "Rails" and version "5.0.0"		beta1		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				22 Search vendor "Fedoraproject" for product "Fedora" and version "22"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				23 Search vendor "Fedoraproject" for product "Fedora" and version "23"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				42.1 Search vendor "Opensuse" for product "Leap" and version "42.1"		-		Affected

1 - 7 of 7