Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-R7Q2-5GQG-6C7Q
HistoryOct 24, 2017 - 6:33 p.m.

actionpack Improper Input Validation vulnerability

2017-10-2418:33:38
Google
osv.dev
10

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

80.7%

JSON

The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a “filter skipping vulnerability.”

References

Related

ubuntucve 1
prion 1
gitlab 1
debiancve 1
github 1
cve 1
nessus 3
openvas 19
fedora 9
gentoo 1
ubuntucve
ubuntucve
CVE-2011-2929
2011-08-29 00:00:00
prion
prion
Spoofing
2011-08-29 18:55:00
gitlab
gitlab
Improper Input Validation
2017-10-24 00:00:00
debiancve
debiancve
CVE-2011-2929
2011-08-29 18:55:00
github
github
actionpack Improper Input Validation vulnerability
2017-10-24 18:33:38
cve
cve
CVE-2011-2929
2011-08-29 18:55:00
nessus
nessus
Fedora 15 : rubygem-actionpack-3.0.5-4.fc15 (2011-11572)
2011-09-07 00:00:00
Fedora 16 : rubygem-actionmailer-3.0.10-1.fc16 / rubygem-actionpack-3.0.10-1.fc16 / etc (2011-11386)
2011-09-07 00:00:00
GLSA-201412-28 : Ruby on Rails: Multiple vulnerabilities
2014-12-15 00:00:00
openvas
openvas
Fedora Update for rubygem-actionpack FEDORA-2011-11572
2011-09-12 00:00:00
Fedora Update for rubygem-actionpack FEDORA-2011-11572
2011-09-12 00:00:00
Fedora Update for rubygem-rails FEDORA-2011-11386
2012-04-02 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: rubygem-actionpack-3.0.5-4.fc15
2011-09-07 00:07:54
[SECURITY] Fedora 16 Update: rubygem-activemodel-3.0.10-1.fc16
2011-09-07 03:23:00
[SECURITY] Fedora 16 Update: rubygem-activesupport-3.0.10-1.fc16
2011-09-07 03:23:00
gentoo
gentoo
Ruby on Rails: Multiple vulnerabilities
2014-12-14 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

80.7%

JSON
Related for OSV:GHSA-R7Q2-5GQG-6C7Q
ubuntucve1prion1gitlab1debiancve1github1cve1nessus3openvas19fedora9gentoo1