Discovered 5 months ago
Source: static code analysis
Category: Mass Assignment
Confidence level: Weak


Unprotected mass assignment


app/controllers/admin/themes_controller.rb:62 => JSON.parse(params[:theme].read)["theme"]["name"], :user_id =>

Category description: Unprotected model attributes give the attacker a way to rewrite them. E.g., change the admin flag to true.

Solution: fix the issue in app/controllers/admin/themes_controller.rb or mark it as false positive.