CVE-2011-2929

Ruby on Rails 3.0.x-3.0.9 and 3.1.x-3.1.0.rc5 - Remote Arbitrary View Rendering via Glob Character Handling


Description

The template selection functionality in actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.10 and 3.1.x before 3.1.0.rc6 does not properly handle glob characters: the resolver interpolates the request-derived template name into a filesystem glob pattern without escaping glob metacharacters such as "*" and "{...}". A crafted URL can therefore make the resolver match and render a view other than the one the action name implies, and because before filters are keyed on the literal action name, filters protecting the rendered view's action do not run. This is the "filter skipping vulnerability" described in the upstream advisory; the fix escapes glob metacharacters in the name before the lookup.
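The following is an added illustration, not Rails' own code or the patched resolver: a toy model of a resolver that builds a Dir[] glob from the request-derived prefix and action name, beside a hardened variant that escapes glob metacharacters in those parts. The class and method names, the "posts" view directory and the three template files are all constructed for the example; the only thing taken from the record above is the mechanism (unescaped glob characters in the template name, filters keyed on the action name).

```ruby
require "tmpdir"
require "fileutils"

# Toy model (hypothetical names) of a template resolver that relies on
# {a,b} brace expansion for formats and handlers, the way the affected
# Rails releases did, and lets the request-derived name flow into the glob.
class ToyResolver
  GLOB_META = /[*?\[\]{}\\]/

  def initialize(root)
    @root = root
  end

  # Vulnerable lookup: prefix and action are interpolated unescaped, so a
  # "*" or "{edit,other}" coming from the URL widens what the glob matches.
  def find_vulnerable(prefix, action)
    Dir[File.join(@root, prefix, "#{action}{.html,}{.erb,}")].sort
  end

  # Hardened lookup: every glob metacharacter in the request-derived parts
  # is backslash-escaped, so it can only match itself literally.
  def find_hardened(prefix, action)
    Dir[File.join(@root, escape(prefix), "#{escape(action)}{.html,}{.erb,}")].sort
  end

  def escape(entry)
    entry.gsub(GLOB_META) { |m| "\\#{m}" }
  end
end

# Toy controller: a before filter registered for specific actions is keyed
# on the literal action name, so it never fires for an action named "*",
# yet the vulnerable resolver can still pick edit.html.erb for that name.
class ToyController
  def initialize(resolver, protected_actions)
    @resolver = resolver
    @protected = protected_actions
  end

  # Returns [filter_ran, basename_of_rendered_template_or_nil].
  def dispatch(action, hardened: false)
    filter_ran = @protected.include?(action)
    found = hardened ? @resolver.find_hardened("posts", action)
                     : @resolver.find_vulnerable("posts", action)
    [filter_ran, found.first && File.basename(found.first)]
  end
end

# Constructed fixture: three view templates under a temporary app root.
def with_sample_views
  Dir.mktmpdir("toy_views") do |root|
    FileUtils.mkdir_p(File.join(root, "posts"))
    %w[index edit show].each do |name|
      File.write(File.join(root, "posts", "#{name}.html.erb"), "<%= #{name} %>")
    end
    yield root
  end
end

# Runs the same requests through the vulnerable and hardened paths.
def demo
  with_sample_views do |root|
    resolver = ToyResolver.new(root)
    ctrl = ToyController.new(resolver, %w[edit])
    {
      legit:       ctrl.dispatch("edit"),                    # filter runs, edit rendered
      vuln_star:   ctrl.dispatch("*"),                       # no filter, edit rendered
      vuln_braces: ctrl.dispatch("{edit,nothing}"),          # no filter, edit rendered
      fixed_star:  ctrl.dispatch("*", hardened: true),       # no filter, nothing rendered
      fixed_legit: ctrl.dispatch("edit", hardened: true),    # filter runs, edit rendered
    }
  end
end

if __FILE__ == $0
  demo.each { |k, v| puts "#{k}: filter_ran=#{v[0]} template=#{v[1].inspect}" }
end
```

The point to take from the toy is that escaping has to be applied to every request-derived fragment before it is joined into the pattern; escaping only the action while leaving a wildcard-routed controller prefix unescaped would leave the same hole one directory up. Backslash escaping is what Ruby's Dir.glob honours on POSIX systems, which is where this example is meant to run.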

References (12)

Patch (mailing list): http://www.openwall.com/lists/oss-security/2011/08/17/1
Patch (mailing list): http://www.openwall.com/lists/oss-security/2011/08/22/13
Vendor advisory, third-party (Fedora package-announce): http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
Patch (mailing list): http://www.openwall.com/lists/oss-security/2011/08/19/11
Patch (mailing list): http://www.openwall.com/lists/oss-security/2011/08/20/1
Vendor advisory, third-party (Fedora package-announce): http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065109.html
Mailing list: http://www.openwall.com/lists/oss-security/2011/08/22/14
Patch (mailing list): http://www.openwall.com/lists/oss-security/2011/08/22/5

Scores

EPSS score 0.0081 (estimated probability of exploitation in the wild within the next 30 days)
EPSS percentile 74.5%

Details

CWE: CWE-20 (Improper Input Validation)
Status published
Products (14)
rubygems/actionpack 3.0.0 - 3.0.10 (RubyGems)
rubyonrails/rails 3.0.0 (7 CPE variants)
rubyonrails/rails 3.0.1 (2 CPE variants)
rubyonrails/rails 3.0.2 (2 CPE variants)
rubyonrails/rails 3.0.3
rubyonrails/rails 3.0.4 rc1
rubyonrails/rails 3.0.5 (2 CPE variants)
rubyonrails/rails 3.0.6 (3 CPE variants)
rubyonrails/rails 3.0.7 (3 CPE variants)
rubyonrails/rails 3.0.8 (5 CPE variants)
... and 4 more
Published Aug 29, 2011
Tracked Since Feb 18, 2026