CVE-2011-0449

Publication date 21 February 2011

Last updated 24 July 2024

Description

actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
rails	10.10 maverick	Not affected
	10.04 LTS lucid	Not affected
	9.10 karmic	Not affected
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2011-0449