CVE-2011-0449 High Severity Vulnerability detected by WhiteSource

[mend-bolt-for-github]

CVE-2011-0449 - High Severity Vulnerability

Vulnerable Library - rails-3.0.1.gem

path: /tmp/git/sample_app/Gemfile.lock

Library home page: http://rubygems.org/gems/rails-3.0.1.gem

Dependency Hierarchy:

• factory_girl_rails-1.0.gem (Root Library)
  • ❌ rails-3.0.1.gem (Vulnerable Library)

Vulnerability Details

actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters.

Publish Date: 2011-02-21

URL: CVE-2011-0449

CVSS 2 Score Details (7.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://security.gentoo.org/glsa/201412-28

Release Date: 2014-12-14

Fix Resolution: All Ruby on Rails 2.x users should upgrade to the latest version >= rails-2.3.18

---

Step up your Open Source Security Game with WhiteSource here