presidentbeef/brakeman

docs/warning_types/CVE-2010-3933/index.markdown

Rails 2.3.9 and 3.0.0 are vulnerable to an attack on nested attributes wherein a malicious user could alter data in any record in the system.

It is recommended to upgrade to at least 2.3.10 or 3.0.1.

For more details see [CVE-2010-3933](http://groups.google.com/group/rubyonrails-security/browse_thread/thread/f9f913d328dafe0c).
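
The following is an added example, not Brakeman's own code: a small check that reads a `Gemfile.lock` for the affected Rails releases named above and lists models that declare `accepts_nested_attributes_for`. The helper names, the sample lockfile and the sample models are constructed for illustration, and treating nested-attribute usage as a priority signal is an assumption; the advisory recommends upgrading in either case.

```ruby
require "rubygems" # Gem::Version gives correct version comparison

# Affected and fixed releases as stated in this advisory.
AFFECTED = %w[2.3.9 3.0.0].map { |v| Gem::Version.new(v) }.freeze
FIXED = { "2.3" => "2.3.10", "3.0" => "3.0.1" }.freeze

# Constructed sample input (not from a real application).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: http://rubygems.org/
    specs:
      rails (3.0.0)
        actionpack (= 3.0.0)
      railties (3.0.0)
LOCK
SAMPLE_MODELS = {
  "app/models/order.rb" => "class Order < ActiveRecord::Base\n  accepts_nested_attributes_for :items\nend\n",
  "app/models/item.rb" => "class Item < ActiveRecord::Base\n  # accepts_nested_attributes_for :parts\nend\n"
}.freeze

# Resolved gems sit four spaces deep under "specs:" in Gemfile.lock.
def locked_rails_version(lockfile_text)
  m = lockfile_text.match(/^ {4}rails \(([^)]+)\)$/)
  m && Gem::Version.new(m[1])
end

# Paths of source files that declare nested attributes outside a comment line.
def nested_attribute_models(sources)
  sources.select do |_path, code|
    code.each_line.any? { |l| l !~ /^\s*#/ && l =~ /\baccepts_nested_attributes_for\b/ }
  end.keys
end

def check(lockfile_text, sources)
  version = locked_rails_version(lockfile_text)
  return { status: :unknown } unless version
  return { status: :ok, version: version.to_s } unless AFFECTED.include?(version)

  models = nested_attribute_models(sources)
  { status: models.empty? ? :affected_version : :exposed, # assumption: usage raises priority
    version: version.to_s,
    upgrade_to: FIXED[version.segments.first(2).join(".")],
    models: models }
end

p check(SAMPLE_LOCK, SAMPLE_MODELS) if $PROGRAM_NAME == __FILE__
```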