High severity vulnerability that affects activerecord
        
  High severity
        
          GitHub Reviewed
      
        Published
          Aug 21, 2018 
          to the GitHub Advisory Database
          •
          Updated Jan 9, 2023 
      
  
  
      Withdrawn
      This advisory was withdrawn on Jun 17, 2020
  
    
      Package
Affected versions
>= 4.0.0, < 4.0.9
      >= 4.1.0, < 4.1.5
  Patched versions
4.0.9
      4.1.5
  Description
        Published to the GitHub Advisory Database
      Aug 21, 2018 
    
  
        Reviewed
      Jun 17, 2020 
    
  
        Withdrawn
      Jun 17, 2020 
    
  
        Last updated
      Jan 9, 2023 
    
  
Withdrawn, accidental duplicate publish.
activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls.
References