CVE-2011-2929 in Ruby on Rails
요약 (영어)
The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters, which allows remote attackers to render arbitrary views via a crafted URL, related to a "filter skipping vulnerability."
If you want to get best quality of vulnerability data, you may have to visit VulDB.
예약하다
2011. 07. 27.
공개
2011. 08. 29.
상태
확인됨
엔트리
VulDB provides additional information and datapoints for this CVE:
| 아이디 | 취약성 | CWE | 악용 | 대책 | CVE |
|---|---|---|---|---|---|
| 58398 | Ruby on Rails resolver.rb 권한 상승 | 20 | 정의되지 않음 | 공식 수정 | CVE-2011-2929 |