actionpack allows remote attackers to bypass intended access restrictions

GHSA-4ww3-3rxj-8v6q · CVE-2011-0449

Published Oct 24, 2017 · Modified Nov 29, 2024

Description

actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2011-0449
WEB https://github.com/rails/rails/commit/6f80224057803f85b3f448936aae89e742452c3b
PACKAGE https://github.com/rails/rails/tree/main/actionpack
WEB https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0449.yml
WEB https://web.archive.org/web/20201207190612/http://securitytracker.com/id?1025061
WEB http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain
WEB http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
WEB http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes