Common Vulnerabilities and Exposures assigned an identifier CVE-2010-3933 to
the following vulnerability:
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.
This issue did not affect the versions of the rubygem-activerecord package as shipped with Fedora releases 14 and 15 (the current rubygem-activerecord package versions in these releases already contain the relevant upstream patches).
This issue did not affect the version of the rubygem-activerecord package as present within the EPEL-5 repository. That rubygem-activerecord package version does not contain the affected code yet.
rubygem-actionpack-2.3.18-1.el5, rubygem-activerecord-2.3.18-1.el5, rubygem-activesupport-2.3.18-1.el5 have been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.