rails--rails

kotovalexarian-likes-github/rails--rails

mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00

History

Aaron Patterson 4642d68d80 Eliminate instance level writers for class accessors Instance level writers can have an impact on how the Active Model / Record objects are saved. Specifically, they can be used to bypass validations. This is a problem if mass assignment protection is disabled and specific attributes are passed to the constructor. CVE-2016-0753	2016-01-22 15:02:46 -08:00
..
json.rb	Eliminate instance level writers for class accessors	2016-01-22 15:02:46 -08:00

Aaron Patterson 4642d68d80 Eliminate instance level writers for class accessors

Instance level writers can have an impact on how the Active Model /
Record objects are saved.  Specifically, they can be used to bypass
validations.  This is a problem if mass assignment protection is
disabled and specific attributes are passed to the constructor.

CVE-2016-0753

2016-01-22 15:02:46 -08:00

json.rb

Eliminate instance level writers for class accessors

2016-01-22 15:02:46 -08:00