Medium severity5.3NVD Advisory· Published Feb 16, 2016· Updated May 6, 2026
CVE-2016-0753
CVE-2016-0753
Description
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
activemodelRubyGems | >= 4.1.0, < 4.1.14.1 | 4.1.14.1 |
activemodelRubyGems | >= 4.2.0, < 4.2.5.1 | 4.2.5.1 |
Affected products
6cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*range: >=4.1.0,<4.1.14.1
- cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
20- lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.htmlnvdMailing ListThird Party AdvisoryWEB
- lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.htmlnvdMailing ListThird Party AdvisoryWEB
- lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.htmlnvdMailing ListThird Party AdvisoryWEB
- lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.htmlnvdMailing ListThird Party AdvisoryWEB
- lists.fedoraproject.org/pipermail/package-announce/2016-February/178066.htmlnvdMailing ListThird Party AdvisoryWEB
- lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.htmlnvdMailing ListThird Party AdvisoryWEB
- lists.opensuse.org/opensuse-updates/2016-02/msg00043.htmlnvdMailing ListThird Party AdvisoryWEB
- rhn.redhat.com/errata/RHSA-2016-0296.htmlnvdThird Party AdvisoryWEB
- www.debian.org/security/2016/dsa-3464nvdThird Party AdvisoryWEB
- www.openwall.com/lists/oss-security/2016/01/25/14nvdMailing ListThird Party AdvisoryWEB
- www.securityfocus.com/bid/82247nvdBroken LinkThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1034816nvdBroken LinkThird Party AdvisoryVDB Entry
- github.com/advisories/GHSA-543v-gj2c-r3chghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-0753ghsaADVISORY
- github.com/rubysec/ruby-advisory-db/blob/master/gems/activemodel/CVE-2016-0753.ymlghsaWEB
- groups.google.com/forum/ghsaWEB
- groups.google.com/forum/message/rawnvdBroken Link
- web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816ghsaWEB
- web.archive.org/web/20200228000230/http://www.securityfocus.com/bid/82247ghsaWEB
- web.archive.org/web/20210613054843/https://groups.google.com/forum/message/rawghsaWEB
News mentions
0No linked articles in our index yet.