VYPR
High severityNVD Advisory· Published Aug 20, 2014· Updated Jun 17, 2026

CVE-2014-3514

CVE-2014-3514

Description

activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
activerecordRubyGems
>= 4.0.0, < 4.0.94.0.9
activerecordRubyGems
>= 4.1.0, < 4.1.54.1.5

Affected products

30
  • Rubyonrails/Rails28 versions
    cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*+ 27 more
    • cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*
  • ghsa-coords2 versions
    >= 4.0.0, < 4.0.9+ 1 more
    • (no CPE)range: >= 4.0.0, < 4.0.9
    • (no CPE)range: < 5.0.0.1-1.1

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.