Bug 731432 (CVE-2011-2929) - CVE-2011-2929 rubygem-actionpack: filter skipping vulnerability (Ruby on Rails)
Summary: CVE-2011-2929 rubygem-actionpack: filter skipping vulnerability (Ruby on Rails)
Alias: CVE-2011-2929
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 731440 731448
Blocks: 732542
TreeView+ depends on / blocked
Reported: 2011-08-17 16:29 UTC by Vincent Danen
Modified: 2019-09-29 12:46 UTC (History)
10 users (show)

Fixed In Version: rubygem-actionpack 3.0.10, rubygem-actionpack 3.1.0
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2013-01-16 09:46:29 UTC

Attachments (Terms of Use)

Description Vincent Danen 2011-08-17 16:29:39 UTC
A flaw in the template selection code in Ruby on Rails >=3.0 could allow an attacker to render a view they should not have access to [1].  This is corrected in 3.0.10 and 3.1.0rc6, patches are available in the advisory [1] and in git [2].

[1] http://groups.google.com/group/rubyonrails-security/browse_thread/thread/3420ac71aed312d6
[2] https://github.com/rails/rails/commit/5f94b93279f6d0682fafb237c301302c107a9552

Comment 2 Vincent Danen 2011-08-17 17:16:37 UTC
This flaw is in rubygem-actionpack, not rubygem-rails.

Comment 3 Vincent Danen 2011-08-17 17:25:46 UTC
Created rubygem-actionpack tracking bugs for this issue

Affects: fedora-15 [bug 731448]

Comment 5 Chris Lalancette 2011-08-18 14:08:21 UTC
I'm not really familiar with the Fedora security response procedures, but don't we also need a F-16 and rawhide bug as well?  Since the flaw was just fixed yesterday, the problem will be in all 3.

Comment 6 Vincent Danen 2011-08-18 20:29:37 UTC
You should be able to use the same tracking bug for all three.

Comment 7 Chris Lalancette 2011-08-18 20:45:55 UTC
OK, thanks, that's what I wanted to know.

Comment 8 Vincent Danen 2011-08-30 04:21:01 UTC
This issue has been assigned the name CVE-2011-2929:


Note You need to log in before you can comment on or make changes to this bug.