CVE-2014-3514 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2014-3514 Interim 1 18 2023-07-01T00:34:06Z current 2021-05-30T13:21:01Z 2023-07-01T00:34:06Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2014-3514 activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise High Availability Extension 15 SUSE Linux Enterprise High Availability Extension 15 SP1 SUSE Linux Enterprise High Availability Extension 15 SP2 SUSE Linux Enterprise High Availability Extension 15 SP3 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 openSUSE Tumbleweed ruby2.1-rubygem-railties-4_2 ruby2.1-rubygem-railties-4_2-4.2.2-2.4 ruby2.2-rubygem-railties-4_2-4.2.7.1-1.1 ruby2.2-rubygem-railties-5_0-5.0.0.1-1.1 ruby2.2-rubygem-railties-doc-4_2-4.2.7.1-1.1 ruby2.2-rubygem-railties-doc-5_0-5.0.0.1-1.1 ruby2.3-rubygem-railties-4_2-4.2.7.1-1.1 ruby2.3-rubygem-railties-5_0-5.0.0.1-1.1 ruby2.3-rubygem-railties-doc-4_2-4.2.7.1-1.1 ruby2.3-rubygem-railties-doc-5_0-5.0.0.1-1.1 ruby2.5-rubygem-railties-5_1 rubygem-railties-4_2 rubygem-railties-5_1 ruby2.1-rubygem-railties-4_2-4.2.2-2.4 as a component of SUSE OpenStack Cloud 6 ruby2.2-rubygem-railties-4_2-4.2.7.1-1.1 as a component of openSUSE Tumbleweed ruby2.2-rubygem-railties-5_0-5.0.0.1-1.1 as a component of openSUSE Tumbleweed ruby2.2-rubygem-railties-doc-4_2-4.2.7.1-1.1 as a component of openSUSE Tumbleweed ruby2.2-rubygem-railties-doc-5_0-5.0.0.1-1.1 as a component of openSUSE Tumbleweed ruby2.3-rubygem-railties-4_2-4.2.7.1-1.1 as a component of openSUSE Tumbleweed ruby2.3-rubygem-railties-5_0-5.0.0.1-1.1 as a component of openSUSE Tumbleweed ruby2.3-rubygem-railties-doc-4_2-4.2.7.1-1.1 as a component of openSUSE Tumbleweed ruby2.3-rubygem-railties-doc-5_0-5.0.0.1-1.1 as a component of openSUSE Tumbleweed ruby2.5-rubygem-railties-5_1 as a component of SUSE Linux Enterprise High Availability Extension 15 rubygem-railties-5_1 as a component of SUSE Linux Enterprise High Availability Extension 15 ruby2.5-rubygem-railties-5_1 as a component of SUSE Linux Enterprise High Availability Extension 15 SP1 rubygem-railties-5_1 as a component of SUSE Linux Enterprise High Availability Extension 15 SP1 ruby2.5-rubygem-railties-5_1 as a component of SUSE Linux Enterprise High Availability Extension 15 SP2 rubygem-railties-5_1 as a component of SUSE Linux Enterprise High Availability Extension 15 SP2 ruby2.5-rubygem-railties-5_1 as a component of SUSE Linux Enterprise High Availability Extension 15 SP3 rubygem-railties-5_1 as a component of SUSE Linux Enterprise High Availability Extension 15 SP3 ruby2.1-rubygem-railties-4_2 as a component of SUSE OpenStack Cloud Crowbar 8 rubygem-railties-4_2 as a component of SUSE OpenStack Cloud Crowbar 8 ruby2.1-rubygem-railties-4_2 as a component of SUSE OpenStack Cloud Crowbar 9 rubygem-railties-4_2 as a component of SUSE OpenStack Cloud Crowbar 9 activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls. CVE-2014-3514 SUSE OpenStack Cloud 6:ruby2.1-rubygem-railties-4_2-4.2.2-2.4 openSUSE Tumbleweed:ruby2.2-rubygem-railties-4_2-4.2.7.1-1.1 openSUSE Tumbleweed:ruby2.2-rubygem-railties-5_0-5.0.0.1-1.1 openSUSE Tumbleweed:ruby2.2-rubygem-railties-doc-4_2-4.2.7.1-1.1 openSUSE Tumbleweed:ruby2.2-rubygem-railties-doc-5_0-5.0.0.1-1.1 openSUSE Tumbleweed:ruby2.3-rubygem-railties-4_2-4.2.7.1-1.1 openSUSE Tumbleweed:ruby2.3-rubygem-railties-5_0-5.0.0.1-1.1 openSUSE Tumbleweed:ruby2.3-rubygem-railties-doc-4_2-4.2.7.1-1.1 openSUSE Tumbleweed:ruby2.3-rubygem-railties-doc-5_0-5.0.0.1-1.1 SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-railties-5_1 SUSE Linux Enterprise High Availability Extension 15 SP1:rubygem-railties-5_1 SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-railties-5_1 SUSE Linux Enterprise High Availability Extension 15 SP2:rubygem-railties-5_1 SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-railties-5_1 SUSE Linux Enterprise High Availability Extension 15 SP3:rubygem-railties-5_1 SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-railties-5_1 SUSE Linux Enterprise High Availability Extension 15:rubygem-railties-5_1 SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-railties-4_2 SUSE OpenStack Cloud Crowbar 8:rubygem-railties-4_2 SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-railties-4_2 SUSE OpenStack Cloud Crowbar 9:rubygem-railties-4_2 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P