VulnerableCode Vulnerability Details - VCID-xmwx-eqjn-pba9

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-xmwx-eqjn-pba9

Essentials
Severities (11)
References (15)
Severity details (10)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-xmwx-eqjn-pba9
Aliases	CVE-2010-3933 GHSA-gjxw-5w2q-7grf
Summary	Rails activerecord gem has Improper Input Validation vulnerability Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-20	Improper Input Validation
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00712	https://api.first.org/data/v1/epss?cve=CVE-2010-3933
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-gjxw-5w2q-7grf
generic_textual	MODERATE	https://github.com/rails/rails
generic_textual	MODERATE	https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae
generic_textual	MODERATE	https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585
generic_textual	MODERATE	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2010-3933
generic_textual	MODERATE	https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html
generic_textual	MODERATE	https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930
generic_textual	MODERATE	https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624
generic_textual	MODERATE	http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2010-3933
		http://secunia.com/advisories/41930
		http://securitytracker.com/id?1024624
		https://github.com/rails/rails
		https://github.com/rails/rails/commit/2d96bccb1e8b62e3e11ca0c5d38aaa8cece889ae
		https://github.com/rails/rails/commit/96183e0f284bab27667e5a38fa6a1578eb029585
		https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2010-3933.yml
		https://nvd.nist.gov/vuln/detail/CVE-2010-3933
		https://web.archive.org/web/20101129225633/http://securitytracker.com/alerts/2010/Oct/1024624.html
		https://web.archive.org/web/20111225083933/http://secunia.com/advisories/41930
		https://web.archive.org/web/20201208053819/http://securitytracker.com/id?1024624
		http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0
		http://www.vupen.com/english/advisories/2010/2719
GHSA-gjxw-5w2q-7grf		https://github.com/advisories/GHSA-gjxw-5w2q-7grf
GLSA-201412-28		https://security.gentoo.org/glsa/201412-28

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.72613
EPSS Score	0.00712
Published At	May 29, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-29T08:57:24.234588+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-gjxw-5w2q-7grf/GHSA-gjxw-5w2q-7grf.json	38.6.0