5
CVE-2011-2929
- EPSS 1.81%
- Veröffentlicht 29.08.2011 18:55:01
- Zuletzt bearbeitet 16.06.2026 23:32:16
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping vulnerability."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Rubyonrails ≫ Rails Version3.0.0
Rubyonrails ≫ Rails Version3.0.0 Updatebeta
Rubyonrails ≫ Rails Version3.0.0 Updatebeta2
Rubyonrails ≫ Rails Version3.0.0 Updatebeta3
Rubyonrails ≫ Rails Version3.0.0 Updatebeta4
Rubyonrails ≫ Rails Version3.0.0 Updaterc
Rubyonrails ≫ Rails Version3.0.0 Updaterc2
Rubyonrails ≫ Rails Version3.0.1
Rubyonrails ≫ Rails Version3.0.1 Updatepre
Rubyonrails ≫ Rails Version3.0.2
Rubyonrails ≫ Rails Version3.0.2 Updatepre
Rubyonrails ≫ Rails Version3.0.3
Rubyonrails ≫ Rails Version3.0.4 Updaterc1
Rubyonrails ≫ Rails Version3.0.5
Rubyonrails ≫ Rails Version3.0.5 Updaterc1
Rubyonrails ≫ Rails Version3.0.6
Rubyonrails ≫ Rails Version3.0.6 Updaterc1
Rubyonrails ≫ Rails Version3.0.6 Updaterc2
Rubyonrails ≫ Rails Version3.0.7
Rubyonrails ≫ Rails Version3.0.7 Updaterc1
Rubyonrails ≫ Rails Version3.0.7 Updaterc2
Rubyonrails ≫ Rails Version3.0.8
Rubyonrails ≫ Rails Version3.0.8 Updaterc1
Rubyonrails ≫ Rails Version3.0.8 Updaterc2
Rubyonrails ≫ Rails Version3.0.8 Updaterc3
Rubyonrails ≫ Rails Version3.0.8 Updaterc4
Rubyonrails ≫ Rails Version3.0.9
Rubyonrails ≫ Rails Version3.0.9 Updaterc1
Rubyonrails ≫ Rails Version3.0.9 Updaterc2
Rubyonrails ≫ Rails Version3.0.9 Updaterc3
Rubyonrails ≫ Rails Version3.0.9 Updaterc4
Rubyonrails ≫ Rails Version3.0.9 Updaterc5
Rubyonrails ≫ Rails Version3.0.10 Updaterc1
Rubyonrails ≫ Ruby On Rails Version3.0.4
Rubyonrails ≫ Rails Version3.1.0
Rubyonrails ≫ Rails Version3.1.0 Updatebeta1
Rubyonrails ≫ Rails Version3.1.0 Updaterc1
Rubyonrails ≫ Rails Version3.1.0 Updaterc2
Rubyonrails ≫ Rails Version3.1.0 Updaterc3
Rubyonrails ≫ Rails Version3.1.0 Updaterc4
Rubyonrails ≫ Rails Version3.1.0 Updaterc5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.81% | 0.758 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://groups.google.com/group/rubyonrails-security/msg/cbbbba6e4f7eaf61?dmode=source&output=gplain
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
http://www.openwall.com/lists/oss-security/2011/08/17/1
http://www.openwall.com/lists/oss-security/2011/08/19/11
http://www.openwall.com/lists/oss-security/2011/08/20/1
http://www.openwall.com/lists/oss-security/2011/08/22/13
http://www.openwall.com/lists/oss-security/2011/08/22/14
http://www.openwall.com/lists/oss-security/2011/08/22/5
https://bugzilla.redhat.com/show_bug.cgi?id=731432
https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552