CVE-2016-0753 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2016-0753 Interim 1 16 2023-12-08T02:01:30Z current 2021-05-30T13:37:12Z 2023-12-08T02:01:30Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2016-0753 Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2016-February/001873.html E-Mail link for SUSE-SU-2016:0432-1 https://lists.suse.com/pipermail/sle-security-updates/2016-February/001876.html E-Mail link for SUSE-SU-2016:0435-1 https://lists.suse.com/pipermail/sle-security-updates/2016-February/001880.html E-Mail link for SUSE-SU-2016:0458-1 https://lists.suse.com/pipermail/sle-security-updates/2016-February/001896.html E-Mail link for SUSE-SU-2016:0597-1 https://lists.suse.com/pipermail/sle-security-updates/2016-February/001897.html E-Mail link for SUSE-SU-2016:0598-1 https://lists.suse.com/pipermail/sle-security-updates/2016-February/001899.html E-Mail link for SUSE-SU-2016:0600-1 https://lists.suse.com/pipermail/sle-security-updates/2016-April/002027.html E-Mail link for SUSE-SU-2016:1146-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Enterprise Storage 2.1 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Containers 12 SUSE OpenStack Cloud 5 SUSE OpenStack Cloud 6 portus-2.0.3-2.4 ruby2.1-rubygem-activemodel-4_1-4.1.9-9.1 ruby2.1-rubygem-activemodel-4_2-4.2.2-5.1 ruby2.1-rubygem-activerecord-4_1-4.1.9-9.1 ruby2.1-rubygem-activerecord-4_2-4.2.2-5.1 ruby2.1-rubygem-activesupport-4_1-4.1.9-12.1 ruby2.1-rubygem-activesupport-4_2-4.2.2-6.1 ruby2.1-rubygem-activemodel-4_2-4.2.2-5.1 as a component of SUSE Enterprise Storage 2.1 ruby2.1-rubygem-activerecord-4_2-4.2.2-5.1 as a component of SUSE Enterprise Storage 2.1 ruby2.1-rubygem-activesupport-4_2-4.2.2-6.1 as a component of SUSE Enterprise Storage 2.1 portus-2.0.3-2.4 as a component of SUSE Linux Enterprise Module for Containers 12 ruby2.1-rubygem-activemodel-4_1-4.1.9-9.1 as a component of SUSE OpenStack Cloud 5 ruby2.1-rubygem-activerecord-4_1-4.1.9-9.1 as a component of SUSE OpenStack Cloud 5 ruby2.1-rubygem-activesupport-4_1-4.1.9-12.1 as a component of SUSE OpenStack Cloud 5 ruby2.1-rubygem-activemodel-4_2-4.2.2-5.1 as a component of SUSE OpenStack Cloud 6 ruby2.1-rubygem-activerecord-4_2-4.2.2-5.1 as a component of SUSE OpenStack Cloud 6 ruby2.1-rubygem-activesupport-4_2-4.2.2-6.1 as a component of SUSE OpenStack Cloud 6 Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters. CVE-2016-0753 SUSE Enterprise Storage 2.1:ruby2.1-rubygem-activemodel-4_2-4.2.2-5.1 SUSE Enterprise Storage 2.1:ruby2.1-rubygem-activerecord-4_2-4.2.2-5.1 SUSE Enterprise Storage 2.1:ruby2.1-rubygem-activesupport-4_2-4.2.2-6.1 SUSE Linux Enterprise Module for Containers 12:portus-2.0.3-2.4 SUSE OpenStack Cloud 5:ruby2.1-rubygem-activemodel-4_1-4.1.9-9.1 SUSE OpenStack Cloud 5:ruby2.1-rubygem-activerecord-4_1-4.1.9-9.1 SUSE OpenStack Cloud 5:ruby2.1-rubygem-activesupport-4_1-4.1.9-12.1 SUSE OpenStack Cloud 6:ruby2.1-rubygem-activemodel-4_2-4.2.2-5.1 SUSE OpenStack Cloud 6:ruby2.1-rubygem-activerecord-4_2-4.2.2-5.1 SUSE OpenStack Cloud 6:ruby2.1-rubygem-activesupport-4_2-4.2.2-6.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N