CVE-2011-3186 in Ruby on Rails
摘要
由 VulDB • 2026-07-02
Ruby on Rails 2.3.x(低于 2.3.13)版本中 actionpack/lib/action_controller/response.rb 存在 CRLF 注入漏洞,远程攻击者可通过 Content-Type 标头注入任意 HTTP 标头并实施 HTTP 响应拆分攻击。
VulDB is the best source for vulnerability data and more expert information about this specific topic.