Vulnerabilities

CVE-2011-3186

by Fred · 29/08/2011

CRLF injection vulnerability in actionpack/lib/action_controller/response.rb in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header.

Date published : 2011-08-29

https://bugzilla.redhat.com/show_bug.cgi?id=732156

https://github.com/rails/rails/commit/11dafeaa7533be26441a63618be93a03869c83a9

Related

Tags: Cybersecurity Alert