Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2011-2929HistoryAug 29, 2011 - 6:55 p.m.
CVE-2011-2929
2011-08-2918:55:01
Debian Security Bug Tracker
security-tracker.debian.org
15
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.008 Low
EPSS
Percentile
81.3%
The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a “filter skipping vulnerability.”
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | rails | < 2:6.1.7.3+dfsg-2~deb12u1 | rails_2:6.1.7.3+dfsg-2~deb12u1_all.deb |
| Debian | 11 | all | rails | < 2:6.0.3.7+dfsg-2+deb11u2 | rails_2:6.0.3.7+dfsg-2+deb11u2_all.deb |
| Debian | 999 | all | rails | < 2:6.1.7.3+dfsg-3 | rails_2:6.1.7.3+dfsg-3_all.deb |
| Debian | 13 | all | rails | < 2:6.1.7.3+dfsg-3 | rails_2:6.1.7.3+dfsg-3_all.deb |
Related
cvelist
cvelist
CVE-2011-2929
2011-08-29 18:00:00
osv
osv
actionpack Improper Input Validation vulnerability
2017-10-24 18:33:38
prion
prion
Spoofing
2011-08-29 18:55:00
gitlab
gitlab
Improper Input Validation
2017-10-24 00:00:00
nvd
nvd
CVE-2011-2929
2011-08-29 18:55:01
ubuntucve
ubuntucve
CVE-2011-2929
2011-08-29 00:00:00
cve
cve
CVE-2011-2929
2011-08-29 18:55:01
github
github
actionpack Improper Input Validation vulnerability
2017-10-24 18:33:38
nessus
nessus
Fedora 15 : rubygem-actionpack-3.0.5-4.fc15 (2011-11572)
2011-09-07 00:00:00
Fedora 16 : rubygem-actionmailer-3.0.10-1.fc16 / rubygem-actionpack-3.0.10-1.fc16 / etc (2011-11386)
2011-09-07 00:00:00
GLSA-201412-28 : Ruby on Rails: Multiple vulnerabilities
2014-12-15 00:00:00
openvas
openvas
Fedora Update for rubygem-actionpack FEDORA-2011-11572
2011-09-12 00:00:00
Fedora Update for rubygem-actionpack FEDORA-2011-11572
2011-09-12 00:00:00
Fedora Update for rubygem-actionmailer FEDORA-2011-11386
2012-04-02 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: rubygem-actionpack-3.0.5-4.fc15
2011-09-07 00:07:54
[SECURITY] Fedora 16 Update: rubygem-actionpack-3.0.10-1.fc16
2011-09-07 03:23:00
[SECURITY] Fedora 16 Update: rubygem-activeresource-3.0.10-1.fc16
2011-09-07 03:23:00
gentoo
gentoo
Ruby on Rails: Multiple vulnerabilities
2014-12-14 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.008 Low
EPSS
Percentile
81.3%
Related for DEBIANCVE:CVE-2011-2929