Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2011-2929HistoryAug 29, 2011 - 6:55 p.m.
CVE-2011-2929
2011-08-2918:55:00
Debian Security Bug Tracker
security-tracker.debian.org
12
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.008 Low
EPSS
Percentile
80.9%
The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a “filter skipping vulnerability.”
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | rails | < 2:6.1.7.3+dfsg-1 | rails_2:6.1.7.3+dfsg-1_all.deb |
| Debian | 11 | all | rails | < 2:6.0.3.7+dfsg-2+deb11u2 | rails_2:6.0.3.7+dfsg-2+deb11u2_all.deb |
| Debian | 10 | all | rails | < 2:5.2.2.1+dfsg-1+deb10u3 | rails_2:5.2.2.1+dfsg-1+deb10u3_all.deb |
| Debian | 999 | all | rails | < 2:6.1.7.3+dfsg-3 | rails_2:6.1.7.3+dfsg-3_all.deb |
| Debian | 13 | all | rails | < 2:6.1.7.3+dfsg-3 | rails_2:6.1.7.3+dfsg-3_all.deb |
Related
ubuntucve
ubuntucve
CVE-2011-2929
2011-08-29 00:00:00
osv
osv
actionpack Improper Input Validation vulnerability
2017-10-24 18:33:38
prion
prion
Spoofing
2011-08-29 18:55:00
gitlab
gitlab
Improper Input Validation
2017-10-24 00:00:00
github
github
actionpack Improper Input Validation vulnerability
2017-10-24 18:33:38
cve
cve
CVE-2011-2929
2011-08-29 18:55:00
nessus
nessus
Fedora 15 : rubygem-actionpack-3.0.5-4.fc15 (2011-11572)
2011-09-07 00:00:00
Fedora 16 : rubygem-actionmailer-3.0.10-1.fc16 / rubygem-actionpack-3.0.10-1.fc16 / etc (2011-11386)
2011-09-07 00:00:00
GLSA-201412-28 : Ruby on Rails: Multiple vulnerabilities
2014-12-15 00:00:00
openvas
openvas
Fedora Update for rubygem-actionpack FEDORA-2011-11572
2011-09-12 00:00:00
Fedora Update for rubygem-actionpack FEDORA-2011-11572
2011-09-12 00:00:00
Fedora Update for rubygem-actionmailer FEDORA-2011-11386
2012-04-02 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: rubygem-actionpack-3.0.5-4.fc15
2011-09-07 00:07:54
[SECURITY] Fedora 16 Update: rubygem-activemodel-3.0.10-1.fc16
2011-09-07 03:23:00
[SECURITY] Fedora 16 Update: rubygem-activesupport-3.0.10-1.fc16
2011-09-07 03:23:00
gentoo
gentoo
Ruby on Rails: Multiple vulnerabilities
2014-12-14 00:00:00
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.008 Low
EPSS
Percentile
80.9%
Related for DEBIANCVE:CVE-2011-2929