Nested attributes reject_if proc can be circumvented by providing "_destroy" parameter

Disclosed: 2016-02-12 23:10:52 By jcoyne To rails

High

Vulnerability Details

No vulnerability description provided or it is restricted.

Actions

View on HackerOne

Report Stats

Report ID: 90457
State: Closed
Substate: resolved
Upvotes: 9

Share this report