Vulnerabilities > Rubyonrails > Rails > 3.0.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-10-28 | CVE-2010-3933 | Improper Input Validation vulnerability in Rubyonrails Rails 2.3.9/3.0.0. Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs. | 6.4 |
2007-11-21 | CVE-2007-6077 | Race Condition vulnerability in Rubyonrails Rails 1.2.4. The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, which allows remote attackers to conduct session fixation attacks. | 6.8 |