{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2014-3514","title":"Title"},{"category":"description","text":"activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2014-3514","url":"https://www.suse.com/security/cve/CVE-2014-3514"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 892777 for CVE-2014-3514","url":"https://bugzilla.suse.com/892777"}],"title":"SUSE CVE CVE-2014-3514","tracking":{"current_release_date":"2025-10-08T00:26:05Z","generator":{"date":"2023-02-15T05:28:50Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2014-3514","initial_release_date":"2023-02-15T05:28:50Z","revision_history":[{"date":"2023-02-15T05:28:50Z","number":"2","summary":"Current version"},{"date":"2024-10-11T05:54:56Z","number":"3","summary":"Current version"},{"date":"2025-03-14T06:44:15Z","number":"4","summary":"Current version"},{"date":"2025-03-16T12:15:30Z","number":"5","summary":"Current version"},{"date":"2025-04-16T02:57:12Z","number":"6","summary":"Current version"},{"date":"2025-10-08T00:26:05Z","number":"7","summary":"Current version"}],"status":"interim","version":"7"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise High Availability Extension 15","product":{"name":"SUSE Linux Enterprise High Availability Extension 15","product_id":"SUSE Linux Enterprise High Availability Extension 15","product_identification_helper":{"cpe":"cpe:/o:suse:sle-ha:15"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Availability Extension 15 SP1","product":{"name":"SUSE Linux Enterprise High Availability Extension 15 SP1","product_id":"SUSE Linux Enterprise High Availability Extension 15 SP1","product_identification_helper":{"cpe":"cpe:/o:suse:sle-ha:15:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Availability Extension 15 SP2","product":{"name":"SUSE Linux Enterprise High Availability Extension 15 SP2","product_id":"SUSE Linux Enterprise High Availability Extension 15 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sle-ha:15:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Availability Extension 15 SP3","product":{"name":"SUSE Linux Enterprise High Availability Extension 15 SP3","product_id":"SUSE Linux Enterprise High Availability Extension 15 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sle-ha:15:sp3"}}},{"category":"product_name","name":"SUSE OpenStack Cloud 6","product":{"name":"SUSE OpenStack Cloud 6","product_id":"SUSE OpenStack Cloud 6","product_identification_helper":{"cpe":"cpe:/o:suse:suse-openstack-cloud:6"}}},{"category":"product_name","name":"SUSE OpenStack Cloud 7","product":{"name":"SUSE OpenStack Cloud 7","product_id":"SUSE OpenStack Cloud 7","product_identification_helper":{"cpe":"cpe:/o:suse:suse-openstack-cloud:7"}}},{"category":"product_name","name":"SUSE OpenStack Cloud Crowbar 8","product":{"name":"SUSE OpenStack Cloud Crowbar 8","product_id":"SUSE OpenStack Cloud Crowbar 8","product_identification_helper":{"cpe":"cpe:/o:suse:suse-openstack-cloud-crowbar:8"}}},{"category":"product_name","name":"SUSE OpenStack Cloud Crowbar 9","product":{"name":"SUSE OpenStack Cloud Crowbar 9","product_id":"SUSE OpenStack Cloud Crowbar 9","product_identification_helper":{"cpe":"cpe:/o:suse:suse-openstack-cloud-crowbar:9"}}},{"category":"product_name","name":"openSUSE Tumbleweed","product":{"name":"openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed","product_identification_helper":{"cpe":"cpe:/o:opensuse:tumbleweed"}}},{"category":"product_version","name":"ruby2.1-rubygem-railties-4_2","product":{"name":"ruby2.1-rubygem-railties-4_2","product_id":"ruby2.1-rubygem-railties-4_2","product_identification_helper":{"purl":"pkg:rpm/suse/ruby2.1-rubygem@railties-4_2"}}},{"category":"product_version","name":"ruby2.1-rubygem-railties-4_2-4.2.2-2.4","product":{"name":"ruby2.1-rubygem-railties-4_2-4.2.2-2.4","product_id":"ruby2.1-rubygem-railties-4_2-4.2.2-2.4","product_identification_helper":{"purl":"pkg:rpm/suse/ruby2.1-rubygem-railties-4_2@4.2.2-2.4?upstream=rubygem-railties-4_2-4.2.2-2.4.src.rpm"}}},{"category":"product_version","name":"ruby2.2-rubygem-railties-4_2-4.2.7.1-1.1","product":{"name":"ruby2.2-rubygem-railties-4_2-4.2.7.1-1.1","product_id":"ruby2.2-rubygem-railties-4_2-4.2.7.1-1.1","product_identification_helper":{"purl":"pkg:rpm/suse/ruby2.2-rubygem-railties-4_2@4.2.7.1-1.1"}}},{"category":"product_version","name":"ruby2.2-rubygem-railties-5_0-5.0.0.1-1.1","product":{"name":"ruby2.2-rubygem-railties-5_0-5.0.0.1-1.1","product_id":"ruby2.2-rubygem-railties-5_0-5.0.0.1-1.1","product_identification_helper":{"purl":"pkg:rpm/suse/ruby2.2-rubygem-railties-5_0@5.0.0.1-1.1"}}},{"category":"product_version","name":"ruby2.2-rubygem-railties-doc-4_2-4.2.7.1-1.1","product":{"name":"ruby2.2-rubygem-railties-doc-4_2-4.2.7.1-1.1","product_id":"ruby2.2-rubygem-railties-doc-4_2-4.2.7.1-1.1","product_identification_helper":{"purl":"pkg:rpm/suse/ruby2.2-rubygem-railties-doc-4_2@4.2.7.1-1.1"}}},{"category":"product_version","name":"ruby2.2-rubygem-railties-doc-5_0-5.0.0.1-1.1","product":{"name":"ruby2.2-rubygem-railties-doc-5_0-5.0.0.1-1.1","product_id":"ruby2.2-rubygem-railties-doc-5_0-5.0.0.1-1.1","product_identification_helper":{"purl":"pkg:rpm/suse/ruby2.2-rubygem-railties-doc-5_0@5.0.0.1-1.1"}}},{"category":"product_version","name":"ruby2.3-rubygem-railties-4_2-4.2.7.1-1.1","product":{"name":"ruby2.3-rubygem-railties-4_2-4.2.7.1-1.1","product_id":"ruby2.3-rubygem-railties-4_2-4.2.7.1-1.1","product_identification_helper":{"purl":"pkg:rpm/suse/ruby2.3-rubygem-railties-4_2@4.2.7.1-1.1"}}},{"category":"product_version","name":"ruby2.3-rubygem-railties-5_0-5.0.0.1-1.1","product":{"name":"ruby2.3-rubygem-railties-5_0-5.0.0.1-1.1","product_id":"ruby2.3-rubygem-railties-5_0-5.0.0.1-1.1","product_identification_helper":{"purl":"pkg:rpm/suse/ruby2.3-rubygem-railties-5_0@5.0.0.1-1.1"}}},{"category":"product_version","name":"ruby2.3-rubygem-railties-doc-4_2-4.2.7.1-1.1","product":{"name":"ruby2.3-rubygem-railties-doc-4_2-4.2.7.1-1.1","product_id":"ruby2.3-rubygem-railties-doc-4_2-4.2.7.1-1.1","product_identification_helper":{"purl":"pkg:rpm/suse/ruby2.3-rubygem-railties-doc-4_2@4.2.7.1-1.1"}}},{"category":"product_version","name":"ruby2.3-rubygem-railties-doc-5_0-5.0.0.1-1.1","product":{"name":"ruby2.3-rubygem-railties-doc-5_0-5.0.0.1-1.1","product_id":"ruby2.3-rubygem-railties-doc-5_0-5.0.0.1-1.1","product_identification_helper":{"purl":"pkg:rpm/suse/ruby2.3-rubygem-railties-doc-5_0@5.0.0.1-1.1"}}},{"category":"product_version","name":"ruby2.5-rubygem-railties-5_1","product":{"name":"ruby2.5-rubygem-railties-5_1","product_id":"ruby2.5-rubygem-railties-5_1","product_identification_helper":{"purl":"pkg:rpm/suse/ruby2.5-rubygem@railties-5_1"}}},{"category":"product_version","name":"rubygem-railties-4_2","product":{"name":"rubygem-railties-4_2","product_id":"rubygem-railties-4_2","product_identification_helper":{"purl":"pkg:rpm/suse/rubygem@railties-4_2"}}},{"category":"product_version","name":"rubygem-railties-5_1","product":{"name":"rubygem-railties-5_1","product_id":"rubygem-railties-5_1","product_identification_helper":{"purl":"pkg:rpm/suse/rubygem@railties-5_1"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"ruby2.1-rubygem-railties-4_2-4.2.2-2.4 as component of SUSE OpenStack Cloud 6","product_id":"SUSE OpenStack Cloud 6:ruby2.1-rubygem-railties-4_2-4.2.2-2.4"},"product_reference":"ruby2.1-rubygem-railties-4_2-4.2.2-2.4","relates_to_product_reference":"SUSE OpenStack Cloud 6"},{"category":"default_component_of","full_product_name":{"name":"ruby2.2-rubygem-railties-4_2-4.2.7.1-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:ruby2.2-rubygem-railties-4_2-4.2.7.1-1.1"},"product_reference":"ruby2.2-rubygem-railties-4_2-4.2.7.1-1.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"ruby2.2-rubygem-railties-5_0-5.0.0.1-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:ruby2.2-rubygem-railties-5_0-5.0.0.1-1.1"},"product_reference":"ruby2.2-rubygem-railties-5_0-5.0.0.1-1.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"ruby2.2-rubygem-railties-doc-4_2-4.2.7.1-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:ruby2.2-rubygem-railties-doc-4_2-4.2.7.1-1.1"},"product_reference":"ruby2.2-rubygem-railties-doc-4_2-4.2.7.1-1.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"ruby2.2-rubygem-railties-doc-5_0-5.0.0.1-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:ruby2.2-rubygem-railties-doc-5_0-5.0.0.1-1.1"},"product_reference":"ruby2.2-rubygem-railties-doc-5_0-5.0.0.1-1.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"ruby2.3-rubygem-railties-4_2-4.2.7.1-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:ruby2.3-rubygem-railties-4_2-4.2.7.1-1.1"},"product_reference":"ruby2.3-rubygem-railties-4_2-4.2.7.1-1.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"ruby2.3-rubygem-railties-5_0-5.0.0.1-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:ruby2.3-rubygem-railties-5_0-5.0.0.1-1.1"},"product_reference":"ruby2.3-rubygem-railties-5_0-5.0.0.1-1.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"ruby2.3-rubygem-railties-doc-4_2-4.2.7.1-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:ruby2.3-rubygem-railties-doc-4_2-4.2.7.1-1.1"},"product_reference":"ruby2.3-rubygem-railties-doc-4_2-4.2.7.1-1.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"ruby2.3-rubygem-railties-doc-5_0-5.0.0.1-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:ruby2.3-rubygem-railties-doc-5_0-5.0.0.1-1.1"},"product_reference":"ruby2.3-rubygem-railties-doc-5_0-5.0.0.1-1.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"ruby2.5-rubygem-railties-5_1 as component of SUSE Linux Enterprise High Availability Extension 15","product_id":"SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-railties-5_1"},"product_reference":"ruby2.5-rubygem-railties-5_1","relates_to_product_reference":"SUSE Linux Enterprise High Availability Extension 15"},{"category":"default_component_of","full_product_name":{"name":"rubygem-railties-5_1 as component of SUSE Linux Enterprise High Availability Extension 15","product_id":"SUSE Linux Enterprise High Availability Extension 15:rubygem-railties-5_1"},"product_reference":"rubygem-railties-5_1","relates_to_product_reference":"SUSE Linux Enterprise High Availability Extension 15"},{"category":"default_component_of","full_product_name":{"name":"ruby2.5-rubygem-railties-5_1 as component of SUSE Linux Enterprise High Availability Extension 15 SP1","product_id":"SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-railties-5_1"},"product_reference":"ruby2.5-rubygem-railties-5_1","relates_to_product_reference":"SUSE Linux Enterprise High Availability Extension 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"rubygem-railties-5_1 as component of SUSE Linux Enterprise High Availability Extension 15 SP1","product_id":"SUSE Linux Enterprise High Availability Extension 15 SP1:rubygem-railties-5_1"},"product_reference":"rubygem-railties-5_1","relates_to_product_reference":"SUSE Linux Enterprise High Availability Extension 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"ruby2.5-rubygem-railties-5_1 as component of SUSE Linux Enterprise High Availability Extension 15 SP2","product_id":"SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-railties-5_1"},"product_reference":"ruby2.5-rubygem-railties-5_1","relates_to_product_reference":"SUSE Linux Enterprise High Availability Extension 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"rubygem-railties-5_1 as component of SUSE Linux Enterprise High Availability Extension 15 SP2","product_id":"SUSE Linux Enterprise High Availability Extension 15 SP2:rubygem-railties-5_1"},"product_reference":"rubygem-railties-5_1","relates_to_product_reference":"SUSE Linux Enterprise High Availability Extension 15 SP2"},{"category":"default_component_of","full_product_name":{"name":"ruby2.5-rubygem-railties-5_1 as component of SUSE Linux Enterprise High Availability Extension 15 SP3","product_id":"SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-railties-5_1"},"product_reference":"ruby2.5-rubygem-railties-5_1","relates_to_product_reference":"SUSE Linux Enterprise High Availability Extension 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"rubygem-railties-5_1 as component of SUSE Linux Enterprise High Availability Extension 15 SP3","product_id":"SUSE Linux Enterprise High Availability Extension 15 SP3:rubygem-railties-5_1"},"product_reference":"rubygem-railties-5_1","relates_to_product_reference":"SUSE Linux Enterprise High Availability Extension 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"ruby2.1-rubygem-railties-4_2 as component of SUSE OpenStack Cloud 7","product_id":"SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2"},"product_reference":"ruby2.1-rubygem-railties-4_2","relates_to_product_reference":"SUSE OpenStack Cloud 7"},{"category":"default_component_of","full_product_name":{"name":"rubygem-railties-4_2 as component of SUSE OpenStack Cloud 7","product_id":"SUSE OpenStack Cloud 7:rubygem-railties-4_2"},"product_reference":"rubygem-railties-4_2","relates_to_product_reference":"SUSE OpenStack Cloud 7"},{"category":"default_component_of","full_product_name":{"name":"ruby2.1-rubygem-railties-4_2 as component of SUSE OpenStack Cloud Crowbar 8","product_id":"SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-railties-4_2"},"product_reference":"ruby2.1-rubygem-railties-4_2","relates_to_product_reference":"SUSE OpenStack Cloud Crowbar 8"},{"category":"default_component_of","full_product_name":{"name":"rubygem-railties-4_2 as component of SUSE OpenStack Cloud Crowbar 8","product_id":"SUSE OpenStack Cloud Crowbar 8:rubygem-railties-4_2"},"product_reference":"rubygem-railties-4_2","relates_to_product_reference":"SUSE OpenStack Cloud Crowbar 8"},{"category":"default_component_of","full_product_name":{"name":"ruby2.1-rubygem-railties-4_2 as component of SUSE OpenStack Cloud Crowbar 9","product_id":"SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-railties-4_2"},"product_reference":"ruby2.1-rubygem-railties-4_2","relates_to_product_reference":"SUSE OpenStack Cloud Crowbar 9"},{"category":"default_component_of","full_product_name":{"name":"rubygem-railties-4_2 as component of SUSE OpenStack Cloud Crowbar 9","product_id":"SUSE OpenStack Cloud Crowbar 9:rubygem-railties-4_2"},"product_reference":"rubygem-railties-4_2","relates_to_product_reference":"SUSE OpenStack Cloud Crowbar 9"}]},"vulnerabilities":[{"cve":"CVE-2014-3514","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2014-3514"}],"notes":[{"category":"general","text":"activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls.","title":"CVE description"}],"product_status":{"known_affected":["SUSE OpenStack Cloud 7:ruby2.1-rubygem-railties-4_2","SUSE OpenStack Cloud 7:rubygem-railties-4_2","SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-railties-4_2","SUSE OpenStack Cloud Crowbar 8:rubygem-railties-4_2","SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-railties-4_2","SUSE OpenStack Cloud Crowbar 9:rubygem-railties-4_2"],"known_not_affected":["SUSE Linux Enterprise High Availability Extension 15 SP1:ruby2.5-rubygem-railties-5_1","SUSE Linux Enterprise High Availability Extension 15 SP1:rubygem-railties-5_1","SUSE Linux Enterprise High Availability Extension 15 SP2:ruby2.5-rubygem-railties-5_1","SUSE Linux Enterprise High Availability Extension 15 SP2:rubygem-railties-5_1","SUSE Linux Enterprise High Availability Extension 15 SP3:ruby2.5-rubygem-railties-5_1","SUSE Linux Enterprise High Availability Extension 15 SP3:rubygem-railties-5_1","SUSE Linux Enterprise High Availability Extension 15:ruby2.5-rubygem-railties-5_1","SUSE Linux Enterprise High Availability Extension 15:rubygem-railties-5_1"],"recommended":["SUSE OpenStack Cloud 6:ruby2.1-rubygem-railties-4_2-4.2.2-2.4","openSUSE Tumbleweed:ruby2.2-rubygem-railties-4_2-4.2.7.1-1.1","openSUSE Tumbleweed:ruby2.2-rubygem-railties-5_0-5.0.0.1-1.1","openSUSE Tumbleweed:ruby2.2-rubygem-railties-doc-4_2-4.2.7.1-1.1","openSUSE Tumbleweed:ruby2.2-rubygem-railties-doc-5_0-5.0.0.1-1.1","openSUSE Tumbleweed:ruby2.3-rubygem-railties-4_2-4.2.7.1-1.1","openSUSE Tumbleweed:ruby2.3-rubygem-railties-5_0-5.0.0.1-1.1","openSUSE Tumbleweed:ruby2.3-rubygem-railties-doc-4_2-4.2.7.1-1.1","openSUSE Tumbleweed:ruby2.3-rubygem-railties-doc-5_0-5.0.0.1-1.1"]},"references":[{"category":"external","summary":"CVE-2014-3514","url":"https://www.suse.com/security/cve/CVE-2014-3514"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 892777 for CVE-2014-3514","url":"https://bugzilla.suse.com/892777"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE OpenStack Cloud 6:ruby2.1-rubygem-railties-4_2-4.2.2-2.4","openSUSE Tumbleweed:ruby2.2-rubygem-railties-4_2-4.2.7.1-1.1","openSUSE Tumbleweed:ruby2.2-rubygem-railties-5_0-5.0.0.1-1.1","openSUSE Tumbleweed:ruby2.2-rubygem-railties-doc-4_2-4.2.7.1-1.1","openSUSE Tumbleweed:ruby2.2-rubygem-railties-doc-5_0-5.0.0.1-1.1","openSUSE Tumbleweed:ruby2.3-rubygem-railties-4_2-4.2.7.1-1.1","openSUSE Tumbleweed:ruby2.3-rubygem-railties-5_0-5.0.0.1-1.1","openSUSE Tumbleweed:ruby2.3-rubygem-railties-doc-4_2-4.2.7.1-1.1","openSUSE Tumbleweed:ruby2.3-rubygem-railties-doc-5_0-5.0.0.1-1.1"]}],"threats":[{"category":"impact","date":"2014-08-18T20:40:16Z","details":"important"}],"title":"CVE-2014-3514"}]}