Web Mass Assignment Vulnerabilities

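This vulnerability arises when an application assigns request parameters to an object's attributes without whitelisting (or blacklisting) which parameters a client is allowed to set.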

Sample attack scenario:

Original Request:

{ "user" => { "username" => "hacker", "email" => "hacker@example.com" } }

Modified Request:

{ "user" => { "username" => "hacker", "email" => "hacker@example.com", "admin" => true } }
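
The scenario above as an added example (not code from the original page): a plain-Ruby stand-in for model binding that runs the modified request through an unfiltered update and through an allow-listed one. `User`, `PERMITTED`, `update_unsafe`, `update_safe` and `demo` are hypothetical names chosen for illustration.

```ruby
# Added example: plain-Ruby stand-in for a framework's model binding.
# User, PERMITTED, update_unsafe, update_safe and demo are hypothetical names.
User = Struct.new(:username, :email, :admin, keyword_init: true)

PERMITTED = %w[username email].freeze # attributes a client may set

# Vulnerable: every submitted key that matches an attribute is copied
# onto the model, including privileged ones such as "admin".
def update_unsafe(user, params)
  params.fetch("user", {}).each do |key, value|
    user[key] = value if user.members.include?(key.to_sym)
  end
  user
end

# Hardened: only allow-listed keys are copied. Keys outside the list are
# returned so the caller can log them or reject the request.
def update_safe(user, params)
  submitted = params.fetch("user", {})
  return [user, []] unless submitted.is_a?(Hash)

  rejected = submitted.keys - PERMITTED
  submitted.slice(*PERMITTED).each { |key, value| user[key] = value }
  [user, rejected]
end

# Constructed sample input: the modified request from the scenario above.
MODIFIED = { "user" => { "username" => "hacker",
                         "email" => "hacker@example.com",
                         "admin" => true } }.freeze

# Runs both update paths against fresh, non-admin users.
def demo
  fresh = -> { User.new(username: "u", email: "u@example.com", admin: false) }
  unsafe = update_unsafe(fresh.call, MODIFIED)
  safe, rejected = update_safe(fresh.call, MODIFIED)
  { unsafe_admin: unsafe.admin, safe_admin: safe.admin, rejected: rejected }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

The list of rejected keys is a useful detection signal: a request that submits attributes outside the allow-list is worth logging.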
