Search for vulnerabilities
| Vulnerability ID | VCID-5mr1-tzkd-v3ae |
| Aliases |
GHSA-hm48-76wh-q86v
|
| Summary | High severity vulnerability that affects activerecord Withdrawn, accidental duplicate publish. activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 8.0 |
| Risk | 4.0 |
| Affected and Fixed Packages | Package Details |
| There are no known CWE. |
| System | Score | Found at |
|---|---|---|
| cvssv3.1_qr | HIGH | https://github.com/advisories/GHSA-hm48-76wh-q86v |
| generic_textual | HIGH | https://github.com/advisories/GHSA-hm48-76wh-q86v |
| generic_textual | HIGH | https://nvd.nist.gov/vuln/detail/CVE-2014-3514 |
| Reference id | Reference type | URL |
|---|---|---|
| https://github.com/advisories/GHSA-hm48-76wh-q86v | ||
| https://nvd.nist.gov/vuln/detail/CVE-2014-3514 |
No EPSS data available for this vulnerability.
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-04-01T13:03:51.513895+00:00 | GithubOSV Importer | Import | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/08/GHSA-hm48-76wh-q86v/GHSA-hm48-76wh-q86v.json | 38.0.0 |