CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x
before 3.0.4, when a case-insensitive filesystem is used, does not
properly implement filters associated with the list of available
templates, which allows remote attackers to bypass intended access
restrictions via an action name that uses an unintended case for
alphabetic characters.
Vendor | Product | Version | CPE |
---|---|---|---|
ruby | actionpack | * | cpe:2.3:a:ruby:actionpack:*:*:*:*:*:*:*:* |