Back to bug 1301957
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-01-26 12:46:49 UTC | Depends On | 1301959 | |
| Adam Mariš | 2016-01-26 12:46:57 UTC | Depends On | 1301960 | |
| Adam Mariš | 2016-01-26 14:08:44 UTC | Blocks | 1302006 | |
| Adam Mariš | 2016-01-26 14:49:45 UTC | Summary | CVE-2015-7577 tubygem-activerecord: Nested attributes rejection proc bypass in Active Record | CVE-2015-7577 rubygem-activerecord: Nested attributes rejection proc bypass in Active Record |
| Tomas Hoger | 2016-02-05 14:54:16 UTC | Whiteboard | impact=moderate,public=20160125,reported=20160122,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,sam-1/rubygem-activerecord=new,sam-1/ruby193-rubygem-activerecord=new,cfme-5.2/ruby193-rubygem-activerecord=new,cfme-5.3/ruby193-rubygem-activerecord=new,rhscl-2/rh-ror41-ruby193-rubygem-activerecord=new,rhscl-2/ror40-rubygem-activerecord=new,rhscl-2/ruby193-rubygem-activerecord=new,openstack-foreman/ruby193-rubygem-activerecord=new,openshift-1/ruby193-rubygem-activerecord=affected,fedora-all/rubygem-activerecord=affected | impact=moderate,public=20160125,reported=20160122,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhscl-2/ruby193-rubygem-activerecord=affected,rhscl-2/ror40-rubygem-activerecord=affected,rhscl-2/rh-ror41-rubygem-activerecord=affected,sam-1/rubygem-activerecord=notaffected,sam-1/ruby193-rubygem-activerecord=new,cfme-5.2/ruby193-rubygem-activerecord=new,cfme-5.3/ruby193-rubygem-activerecord=new,openstack-foreman/ruby193-rubygem-activerecord=new,openshift-1/ruby193-rubygem-activerecord=affected,fedora-all/rubygem-activerecord=affected |
| Joe Rafaniello | 2016-02-05 15:33:34 UTC | CC | jrafanie | |
| Ján Rusnačko | 2016-02-10 11:34:16 UTC | CC | jrusnack | |
| Ján Rusnačko | 2016-02-10 11:34:16 UTC | Doc Text | A flaw was found in handling of the nested attributes in combination with destroy flag. Attacker could use this flaw to set attributes to invalid values or clear all attributes. | |
| Ján Rusnačko | 2016-02-10 11:34:16 UTC | Whiteboard | impact=moderate,public=20160125,reported=20160122,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhscl-2/ruby193-rubygem-activerecord=affected,rhscl-2/ror40-rubygem-activerecord=affected,rhscl-2/rh-ror41-rubygem-activerecord=affected,sam-1/rubygem-activerecord=notaffected,sam-1/ruby193-rubygem-activerecord=new,cfme-5.2/ruby193-rubygem-activerecord=new,cfme-5.3/ruby193-rubygem-activerecord=new,openstack-foreman/ruby193-rubygem-activerecord=new,openshift-1/ruby193-rubygem-activerecord=affected,fedora-all/rubygem-activerecord=affected | impact=moderate,public=20160125,reported=20160122,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhscl-2/ruby193-rubygem-activerecord=affected,rhscl-2/ror40-rubygem-activerecord=affected,rhscl-2/rh-ror41-rubygem-activerecord=affected,sam-1/rubygem-activerecord=notaffected,sam-1/ruby193-rubygem-activerecord=wontfix,cfme-5.2/ruby193-rubygem-activerecord=affected,cfme-5.3/ruby193-rubygem-activerecord=affected,openstack-foreman/ruby193-rubygem-activerecord=affected,openshift-1/ruby193-rubygem-activerecord=affected,fedora-all/rubygem-activerecord=affected |
| Tomas Hoger | 2016-02-10 13:32:10 UTC | Depends On | 1306282 | |
| Tomas Hoger | 2016-02-10 13:32:17 UTC | Depends On | 1306283 | |
| Tomas Hoger | 2016-02-10 13:32:21 UTC | Depends On | 1306284 | |
| Tomas Hoger | 2016-02-10 13:32:27 UTC | Depends On | 1306285 | |
| Tomas Hoger | 2016-02-10 13:32:32 UTC | Depends On | 1306286 | |
| Tomas Hoger | 2016-02-10 13:32:39 UTC | Depends On | 1306287 | |
| Garth Mollett | 2016-02-11 23:03:18 UTC | CC | gmollett | |
| Garth Mollett | 2016-02-11 23:03:18 UTC | Whiteboard | impact=moderate,public=20160125,reported=20160122,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhscl-2/ruby193-rubygem-activerecord=affected,rhscl-2/ror40-rubygem-activerecord=affected,rhscl-2/rh-ror41-rubygem-activerecord=affected,sam-1/rubygem-activerecord=notaffected,sam-1/ruby193-rubygem-activerecord=wontfix,cfme-5.2/ruby193-rubygem-activerecord=affected,cfme-5.3/ruby193-rubygem-activerecord=affected,openstack-foreman/ruby193-rubygem-activerecord=affected,openshift-1/ruby193-rubygem-activerecord=affected,fedora-all/rubygem-activerecord=affected | impact=moderate,public=20160125,reported=20160122,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhscl-2/ruby193-rubygem-activerecord=affected,rhscl-2/ror40-rubygem-activerecord=affected,rhscl-2/rh-ror41-rubygem-activerecord=affected,sam-1/rubygem-activerecord=notaffected,sam-1/ruby193-rubygem-activerecord=wontfix,cfme-5.2/ruby193-rubygem-activerecord=affected,cfme-5.3/ruby193-rubygem-activerecord=affected,openstack-foreman/ruby193-rubygem-activerecord=wontfix,openshift-1/ruby193-rubygem-activerecord=affected,fedora-all/rubygem-activerecord=affected |
| Summer Long | 2016-02-18 23:59:49 UTC | CC | slong | |
| Summer Long | 2016-02-18 23:59:49 UTC | Doc Text | A flaw was found in handling of the nested attributes in combination with destroy flag. Attacker could use this flaw to set attributes to invalid values or clear all attributes. | A flaw was found in the handling of Active Record's nested attributes in combination with destroy flags. A remote attacker could use this flaw to set invalid attribute values or clear all attributes. |
| Martin Prpič | 2016-02-24 09:34:44 UTC | Doc Text | A flaw was found in the handling of Active Record's nested attributes in combination with destroy flags. A remote attacker could use this flaw to set invalid attribute values or clear all attributes. | A flaw was found in the Active Record component's handling of nested attributes in combination with the destroy flag. An attacker could possibly use this flaw to set attributes to invalid values or clear all attributes. |
| Tomas Hoger | 2016-03-15 21:21:35 UTC | Status | NEW | CLOSED |
| Tomas Hoger | 2016-03-15 21:21:35 UTC | Resolution | --- | ERRATA |
| Tomas Hoger | 2016-03-15 21:21:35 UTC | Last Closed | 2016-03-15 17:21:35 UTC | |
| Perry Myers | 2016-04-26 15:12:37 UTC | CC | pmyers | |
| Product Security DevOps Team | 2019-09-29 13:43:28 UTC | Whiteboard | impact=moderate,public=20160125,reported=20160122,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,rhscl-2/ruby193-rubygem-activerecord=affected,rhscl-2/ror40-rubygem-activerecord=affected,rhscl-2/rh-ror41-rubygem-activerecord=affected,sam-1/rubygem-activerecord=notaffected,sam-1/ruby193-rubygem-activerecord=wontfix,cfme-5.2/ruby193-rubygem-activerecord=affected,cfme-5.3/ruby193-rubygem-activerecord=affected,openstack-foreman/ruby193-rubygem-activerecord=wontfix,openshift-1/ruby193-rubygem-activerecord=affected,fedora-all/rubygem-activerecord=affected | |
| Ondrej Soukup | 2021-06-02 06:30:38 UTC | CC | osoukup | |