Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-2vex-unxw-jub9
Vulnerability ID VCID-2vex-unxw-jub9
Aliases CVE-2013-0276
GHSA-gr44-7grc-37vq
OSV-90072
Summary Circumvention of attr_protected The attr_protected method allows developers to specify a denylist of model attributes which users should not be allowed to assign to. By using a specially crafted request, attackers could circumvent this protection and alter values that were meant to be protected.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264 Permissions, Privileges, and Access Controls
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-284 Improper Access Control
System Score Found at
generic_textual MODERATE http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-0686.html
epss 0.00606 https://api.first.org/data/v1/epss?cve=CVE-2013-0276
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-gr44-7grc-37vq
generic_textual MODERATE https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0276.yml
generic_textual MODERATE https://groups.google.com/group/rubyonrails-security/msg/bb44b98a73ef1a06?dmode=source&output=gplain
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2013-0276
generic_textual MODERATE http://support.apple.com/kb/HT5784
generic_textual MODERATE https://web.archive.org/web/20130217055442/http://www.securityfocus.com/bid/57896
generic_textual MODERATE http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released
generic_textual MODERATE http://www.debian.org/security/2013/dsa-2620
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2013/02/11/5
Reference id Reference type URL
http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html
http://lists.opensuse.org/opensuse-updates/2013-03/msg00048.html
http://rhn.redhat.com/errata/RHSA-2013-0686.html
https://api.first.org/data/v1/epss?cve=CVE-2013-0276
https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/AFBKNY7VSH8
https://groups.google.com/group/rubyonrails-security/msg/bb44b98a73ef1a06?dmode=source&output=gplain
http://support.apple.com/kb/HT5784
https://web.archive.org/web/20130217055442/http://www.securityfocus.com/bid/57896
http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released
http://weblog.rubyonrails.org/2013/2/11/SEC-ANN-Rails-3-2-12-3-1-11-and-2-3-17-have-been-released/
http://www.debian.org/security/2013/dsa-2620
http://www.openwall.com/lists/oss-security/2013/02/11/5
CVE-2013-0276 https://nvd.nist.gov/vuln/detail/CVE-2013-0276
CVE-2013-0276.YML https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2013-0276.yml
GHSA-gr44-7grc-37vq https://github.com/advisories/GHSA-gr44-7grc-37vq
GLSA-201412-28 https://security.gentoo.org/glsa/201412-28
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.69983
EPSS Score 0.00606
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T20:51:57.971101+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activerecord/CVE-2013-0276.yml 38.6.0