CVE-2010-3933
Rails activerecord gem has Improper Input Validation vulnerability
EPSS 0.71%
Description
Ruby on Rails 2.3.9 and 3.0.0 do not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.
How to fix CVE-2010-3933
To remediate CVE-2010-3933, upgrade the affected package to a fixed version listed below.
- RubyGems/activerecord—upgrade to 2.3.10 or later
Is CVE-2010-3933 being exploited?
Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- RubyGems/activerecord: >= 2.3.9, < 2.3.10