Descriptionactionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
SUSE Security Advisories:
- SUSE-SU-2012:0434-1, published Fri Mar 30 11:08:17 MDT 2012 openSUSE-SU-2011:1305-1
List of released packages
|Product(s)||Fixed package version(s)||References|
|SUSE Studio Onsite Runner 1.2|| ||Patchnames: |
SUSE Timeline for this CVECVE page created: Fri Jun 28 04:22:21 2013
CVE page last modified: Thu Dec 7 12:57:59 2023