actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x prior to 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote malicious users to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
rubyonrails rails 3.0.0 |
||
rubyonrails rails 3.0.1 |
||
rubyonrails rails 3.0.2 |
||
rubyonrails rails 3.0.3 |
||
rubyonrails rails 3.0.4 |