Back to bug 1301973
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-01-26 13:16:12 UTC | Depends On | 1301975 | |
| Adam Mariš | 2016-01-26 13:16:20 UTC | Depends On | 1301976 | |
| Adam Mariš | 2016-01-26 13:16:28 UTC | Depends On | 1301977 | |
| Adam Mariš | 2016-01-26 13:16:37 UTC | Depends On | 1301978 | |
| Adam Mariš | 2016-01-26 13:16:47 UTC | Depends On | 1301979 | |
| Adam Mariš | 2016-01-26 13:19:19 UTC | Whiteboard | impact=moderate,public=20160125,reported=20160122,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,sam-1/rubygem-activemodel=new,sam-1/ruby193-rubygem-activemodel=new,cfme-5.2/ruby193-rubygem-activemodel=new,cfme-5.3/ruby193-rubygem-activemodel=new,rhscl-2/rh-ror41i-rubygem-activemodel=new,rhscl-2/ror40-rubygem-activemodel=new,rhscl-2/ruby193-rubygem-activemodel=new,openshift-1/ruby193-rubygem-activemodel=affected,openshift-1/rubygem-activemodel=affected,fedora-all/rubygem-activemodel=affected,sam-1/rubygem-activerecord=new,sam-1/ruby193-rubygem-activerecord=new,cfme-5.2/ruby193-rubygem-activerecord=new,cfme-5.3/ruby193-rubygem-activerecord=new,rhscl-2/rh-ror41-rubygem-activerecord=new,rhscl-2/ror40-rubygem-activerecord=new,rhscl-2/ruby193-rubygem-activerecord=new,openstack-foreman/ruby193-rubygem-activerecord=new,openshift-1/ruby193-rubygem-activerecord=affected,fedora-all/rubygem-activerecord=affected | impact=moderate,public=20160125,reported=20160122,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,sam-1/rubygem-activemodel=new,sam-1/ruby193-rubygem-activemodel=new,cfme-5.2/ruby193-rubygem-activemodel=new,cfme-5.3/ruby193-rubygem-activemodel=new,rhscl-2/rh-ror41-rubygem-activemodel=new,rhscl-2/ror40-rubygem-activemodel=new,rhscl-2/ruby193-rubygem-activemodel=new,openshift-1/ruby193-rubygem-activemodel=affected,openshift-1/rubygem-activemodel=affected,fedora-all/rubygem-activemodel=affected,sam-1/rubygem-activerecord=new,sam-1/ruby193-rubygem-activerecord=new,cfme-5.2/ruby193-rubygem-activerecord=new,cfme-5.3/ruby193-rubygem-activerecord=new,rhscl-2/rh-ror41-rubygem-activerecord=new,rhscl-2/ror40-rubygem-activerecord=new,rhscl-2/ruby193-rubygem-activerecord=new,openstack-foreman/ruby193-rubygem-activerecord=new,openshift-1/ruby193-rubygem-activerecord=affected,fedora-all/rubygem-activerecord=affected |
| Adam Mariš | 2016-01-26 14:09:12 UTC | Blocks | 1302006 | |
| Ján Rusnačko | 2016-01-27 09:53:18 UTC | Whiteboard | impact=moderate,public=20160125,reported=20160122,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,sam-1/rubygem-activemodel=new,sam-1/ruby193-rubygem-activemodel=new,cfme-5.2/ruby193-rubygem-activemodel=new,cfme-5.3/ruby193-rubygem-activemodel=new,rhscl-2/rh-ror41-rubygem-activemodel=new,rhscl-2/ror40-rubygem-activemodel=new,rhscl-2/ruby193-rubygem-activemodel=new,openshift-1/ruby193-rubygem-activemodel=affected,openshift-1/rubygem-activemodel=affected,fedora-all/rubygem-activemodel=affected,sam-1/rubygem-activerecord=new,sam-1/ruby193-rubygem-activerecord=new,cfme-5.2/ruby193-rubygem-activerecord=new,cfme-5.3/ruby193-rubygem-activerecord=new,rhscl-2/rh-ror41-rubygem-activerecord=new,rhscl-2/ror40-rubygem-activerecord=new,rhscl-2/ruby193-rubygem-activerecord=new,openstack-foreman/ruby193-rubygem-activerecord=new,openshift-1/ruby193-rubygem-activerecord=affected,fedora-all/rubygem-activerecord=affected | impact=moderate,public=20160125,reported=20160122,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,sam-1/rubygem-activemodel=new,sam-1/ruby193-rubygem-activemodel=new,cfme-5.2/ruby193-rubygem-activemodel=new,cfme-5.3/ruby193-rubygem-activemodel=new,rhscl-2/rh-ror41-rubygem-activemodel=new,rhscl-2/ror40-rubygem-activemodel=new,rhscl-2/ruby193-rubygem-activemodel=new,openshift-1/ruby193-rubygem-activemodel=affected,openshift-1/rubygem-activemodel=affected,fedora-all/rubygem-activemodel=affected,sam-1/rubygem-activerecord=new,sam-1/ruby193-rubygem-activerecord=new,cfme-5.2/ruby193-rubygem-activerecord=new,cfme-5.3/ruby193-rubygem-activerecord=new,rhscl-2/rh-ror41-rubygem-activerecord=new,rhscl-2/ror40-rubygem-activerecord=new,rhscl-2/ruby193-rubygem-activerecord=new,openstack-foreman/ruby193-rubygem-activerecord=new,openshift-1/ruby193-rubygem-activerecord=affected,fedora-all/rubygem-activerecord=affected,cwe=CWE-20 |
| Tomas Hoger | 2016-02-05 15:01:54 UTC | Summary | CVE-2016-0753 rubygem-activemodel: Possible Input Validation Circumvention in Active Model | CVE-2016-0753 rubygem-activemodel: possible input validation circumvention in Active Model |
| Tomas Hoger | 2016-02-05 15:25:41 UTC | Whiteboard | impact=moderate,public=20160125,reported=20160122,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,sam-1/rubygem-activemodel=new,sam-1/ruby193-rubygem-activemodel=new,cfme-5.2/ruby193-rubygem-activemodel=new,cfme-5.3/ruby193-rubygem-activemodel=new,rhscl-2/rh-ror41-rubygem-activemodel=new,rhscl-2/ror40-rubygem-activemodel=new,rhscl-2/ruby193-rubygem-activemodel=new,openshift-1/ruby193-rubygem-activemodel=affected,openshift-1/rubygem-activemodel=affected,fedora-all/rubygem-activemodel=affected,sam-1/rubygem-activerecord=new,sam-1/ruby193-rubygem-activerecord=new,cfme-5.2/ruby193-rubygem-activerecord=new,cfme-5.3/ruby193-rubygem-activerecord=new,rhscl-2/rh-ror41-rubygem-activerecord=new,rhscl-2/ror40-rubygem-activerecord=new,rhscl-2/ruby193-rubygem-activerecord=new,openstack-foreman/ruby193-rubygem-activerecord=new,openshift-1/ruby193-rubygem-activerecord=affected,fedora-all/rubygem-activerecord=affected,cwe=CWE-20 | impact=moderate,public=20160125,reported=20160122,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-20,rhscl-2/ruby193-rubygem-activemodel=notaffected,rhscl-2/ruby193-rubygem-activerecord=notaffected,rhscl-2/ror40-rubygem-activemodel=notaffected,rhscl-2/ror40-rubygem-activerecord=notaffected,rhscl-2/rh-ror41-rubygem-activemodel=affected,rhscl-2/rh-ror41-rubygem-activerecord=affected,sam-1/rubygem-activemodel=notaffected,sam-1/rubygem-activerecord=notaffected,sam-1/ruby193-rubygem-activemodel=notaffected,sam-1/ruby193-rubygem-activerecord=notaffected,cfme-5.2/ruby193-rubygem-activemodel=notaffected,cfme-5.2/ruby193-rubygem-activerecord=notaffected,cfme-5.3/ruby193-rubygem-activemodel=notaffected,cfme-5.3/ruby193-rubygem-activerecord=notaffected,openshift-1/ruby193-rubygem-activemodel=notaffected,openshift-1/rubygem-activemodel=notaffected,openshift-1/ruby193-rubygem-activerecord=notaffected,openstack-foreman/ruby193-rubygem-activerecord=notaffected,fedora-all/rubygem-activemodel=affected,fedora-all/rubygem-activerecord=affected |
| Joe Rafaniello | 2016-02-05 15:33:20 UTC | CC | jrafanie | |
| Ján Rusnačko | 2016-02-10 12:23:03 UTC | CC | jrusnack | |
| Doc Text | A flaw was found in the way Active Model based models process attributes. Attacker with ability to pass arbitrary attributes to models could use this flaw to bypass input validation. | |||
| Tomas Hoger | 2016-02-10 13:32:32 UTC | Depends On | 1306286 | |
| Tomas Hoger | 2016-02-10 13:32:39 UTC | Depends On | 1306287 | |
| Tomas Hoger | 2016-02-10 13:34:36 UTC | Depends On | 1306290 | |
| Tomas Hoger | 2016-02-10 13:34:44 UTC | Depends On | 1306291 | |
| Summer Long | 2016-02-15 01:45:40 UTC | CC | slong | |
| Doc Text | A flaw was found in the way Active Model based models process attributes. Attacker with ability to pass arbitrary attributes to models could use this flaw to bypass input validation. | A validation flaw was found in the way Active Model models process attributes. An attacker with the ability to pass arbitrary attributes to models could use this flaw to bypass input validation. | ||
| Martin Prpič | 2016-02-24 09:36:08 UTC | Doc Text | A validation flaw was found in the way Active Model models process attributes. An attacker with the ability to pass arbitrary attributes to models could use this flaw to bypass input validation. | A flaw was found in the way the Active Model based models processed attributes. An attacker with the ability to pass arbitrary attributes to models could possibly use this flaw to bypass input validation. |
| Tomas Hoger | 2016-02-24 09:42:30 UTC | Fixed In Version | rubygem-activemodel 5.0.0.beta1.1, rubygem-activemodel 4.2.5.1, rubygem-activemodel 4.1.14.1 | rubygem-activemodel 5.0.0.beta1.1, rubygem-activemodel 4.2.5.1, rubygem-activemodel 4.1.14.1, rubygem-activerecord 5.0.0.beta1.1, rubygem-activerecord 4.2.5.1, rubygem-activerecord 4.1.14.1 |
| Summary | CVE-2016-0753 rubygem-activemodel: possible input validation circumvention in Active Model | CVE-2016-0753 rubygem-activemodel, rubygem-activerecord: possible input validation circumvention in Active Model | ||
| Tomas Hoger | 2016-02-24 10:58:32 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2016-02-24 05:58:32 UTC | |||
| Perry Myers | 2016-04-26 16:23:36 UTC | CC | pmyers | |
| Product Security DevOps Team | 2019-09-29 13:43:28 UTC | Whiteboard | impact=moderate,public=20160125,reported=20160122,source=upstream,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,cwe=CWE-20,rhscl-2/ruby193-rubygem-activemodel=notaffected,rhscl-2/ruby193-rubygem-activerecord=notaffected,rhscl-2/ror40-rubygem-activemodel=notaffected,rhscl-2/ror40-rubygem-activerecord=notaffected,rhscl-2/rh-ror41-rubygem-activemodel=affected,rhscl-2/rh-ror41-rubygem-activerecord=affected,sam-1/rubygem-activemodel=notaffected,sam-1/rubygem-activerecord=notaffected,sam-1/ruby193-rubygem-activemodel=notaffected,sam-1/ruby193-rubygem-activerecord=notaffected,cfme-5.2/ruby193-rubygem-activemodel=notaffected,cfme-5.2/ruby193-rubygem-activerecord=notaffected,cfme-5.3/ruby193-rubygem-activemodel=notaffected,cfme-5.3/ruby193-rubygem-activerecord=notaffected,openshift-1/ruby193-rubygem-activemodel=notaffected,openshift-1/rubygem-activemodel=notaffected,openshift-1/ruby193-rubygem-activerecord=notaffected,openstack-foreman/ruby193-rubygem-activerecord=notaffected,fedora-all/rubygem-activemodel=affected,fedora-all/rubygem-activerecord=affected | |
| Ondrej Soukup | 2021-06-02 06:18:08 UTC | CC | osoukup |
Back to bug 1301973