Nested Attributes (CVE-2010-3933)

Rails 2.3.9 and 3.0.0 are vulnerable to an attack on nested attributes wherein a malicious user could alter data in any record in the system.

It is recommended to upgrade to at least 2.3.10 or 3.0.1.

For more details see CVE-2011-0446.

Back to Warning Types