CVE-2011-0449 (retired)

Priority
Description
actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x
before 3.0.4, when a case-insensitive filesystem is used, does not properly
implement filters associated with the list of available templates, which
allows remote attackers to bypass intended access restrictions via an
action name that uses an unintended case for alphabetic characters.
Package
Source: rails (LP Ubuntu Debian)
Upstream:released (3.0.4)
More Information

Updated: 2019-03-26 11:55:06 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)