Medium severity5.3NVD Advisory· Published Feb 16, 2016· Updated Jun 17, 2026
CVE-2016-0753
CVE-2016-0753
Description
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
activemodelRubyGems | >= 4.1.0, < 4.1.14.1 | 4.1.14.1 |
activemodelRubyGems | >= 4.2.0, < 4.2.5.1 | 4.2.5.1 |
Affected products
14cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:*range: >=4.1.0,<4.1.14.1
- cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
- ghsa-coords8 versionspkg:gem/activemodelpkg:rpm/suse/portus&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2012pkg:rpm/suse/rubygem-activemodel-4_1&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/rubygem-activemodel-4_2&distro=SUSE%20Enterprise%20Storage%202.1pkg:rpm/suse/rubygem-activerecord-4_1&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/rubygem-activerecord-4_2&distro=SUSE%20Enterprise%20Storage%202.1pkg:rpm/suse/rubygem-activesupport-4_1&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/rubygem-activesupport-4_2&distro=SUSE%20Enterprise%20Storage%202.1
>= 4.1.0, < 4.1.14.1+ 7 more
- (no CPE)range: >= 4.1.0, < 4.1.14.1
- (no CPE)range: < 2.0.3-2.4
- (no CPE)range: < 4.1.9-9.1
- (no CPE)range: < 4.2.2-5.1
- (no CPE)range: < 4.1.9-9.1
- (no CPE)range: < 4.2.2-5.1
- (no CPE)range: < 4.1.9-12.1
- (no CPE)range: < 4.2.2-6.1
Patches
Vulnerability mechanics
References
20- lists.fedoraproject.org/pipermail/package-announce/2016-February/178041.htmlnvdMailing ListThird Party AdvisoryWEB
- lists.fedoraproject.org/pipermail/package-announce/2016-February/178043.htmlnvdMailing ListThird Party AdvisoryWEB
- lists.fedoraproject.org/pipermail/package-announce/2016-February/178047.htmlnvdMailing ListThird Party AdvisoryWEB
- lists.fedoraproject.org/pipermail/package-announce/2016-February/178065.htmlnvdMailing ListThird Party AdvisoryWEB
- lists.fedoraproject.org/pipermail/package-announce/2016-February/178066.htmlnvdMailing ListThird Party AdvisoryWEB
- lists.opensuse.org/opensuse-security-announce/2016-04/msg00053.htmlnvdMailing ListThird Party AdvisoryWEB
- lists.opensuse.org/opensuse-updates/2016-02/msg00043.htmlnvdMailing ListThird Party AdvisoryWEB
- rhn.redhat.com/errata/RHSA-2016-0296.htmlnvdThird Party AdvisoryWEB
- www.debian.org/security/2016/dsa-3464nvdThird Party AdvisoryWEB
- www.openwall.com/lists/oss-security/2016/01/25/14nvdMailing ListThird Party AdvisoryWEB
- www.securityfocus.com/bid/82247nvdBroken LinkThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1034816nvdBroken LinkThird Party AdvisoryVDB Entry
- github.com/advisories/GHSA-543v-gj2c-r3chghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-0753ghsaADVISORY
- github.com/rubysec/ruby-advisory-db/blob/master/gems/activemodel/CVE-2016-0753.ymlghsaWEB
- groups.google.com/forum/ghsaWEB
- groups.google.com/forum/message/rawnvdBroken Link
- web.archive.org/web/20160405205300/http://www.securitytracker.com/id/1034816ghsaWEB
- web.archive.org/web/20200228000230/http://www.securityfocus.com/bid/82247ghsaWEB
- web.archive.org/web/20210613054843/https://groups.google.com/forum/message/rawghsaWEB
News mentions
0No linked articles in our index yet.