CVE-2011-2929

Опубликовано: 29 авг. 2011

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping vulnerability."

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*

EPSS

Процентиль: 74%

0.00814

Низкий

5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

CVE-2011-2929

ubuntu

больше 14 лет назад

CVE-2011-2929

debian

больше 14 лет назад

The template selection functionality in actionpack/lib/action_view/tem ...

GHSA-r7q2-5gqg-6c7q

github

больше 8 лет назад

actionpack Improper Input Validation vulnerability

EPSS

Процентиль: 74%

0.00814

Низкий

5 Medium

CVSS2

Дефекты

CWE-20