DerScanner
Home / Vulnerability Database / Ruby : Mass assignment
Ruby

Ruby : Mass assignment

Classification

OWASP Top 10 2013
A4-Insecure Direct Object References
OWASP Top 10 2017
A5-Broken Access Control
OWASP Top 10 2021
A1-Broken Access Control
OWASP ASVS
Validation, Sanitization and Encoding
PCI DSS 4.0
6.2.4
HIPAA
§164.312 (e)(1,2)
CWE
CWE-1030

Overview

The application uses a mass assignment. An attacker can set new values for an existing parameter in a request, thus escalating privileges.

References

  1. OWASP Top Ten 2017 Category A4 - XML External Entities (XXE)
  2. OWASP Top 10 2017-A5-Broken Access Control
  3. A01:2021 – Broken Access Control
  4. Mass Assignment Cheat Sheet
  5. Mass Assignment, Rails, and You
MEDIUM

DerScanner Severity Score

Do you want to fix Ruby : Mass assignment in your application?

See also

Ruby

Ruby : Weak hashing algorithm

Ruby

Ruby : Empty encryption key

Ruby

Ruby : Hardcoded sensitive data