ADVISORIES
- CVE-2011-3186 (NVD)
- GHSA-fcqf-h4h4-695m
- OSVDB-74616
- Vendor Advisory
GEM
FRAMEWORK
SEVERITY
CVSS v2.0: 4.3 (Medium)
PATCHED VERSIONS
- >= 2.3.13
DESCRIPTION
A response splitting flaw was reported in Ruby on Rails 2.3.x. Because the values provided for response content types were insufficiently sanitized, a remote attacker could inject arbitrary HTTP headers into a response.
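
The root cause named above is a content-type value reaching the response head without CR/LF filtering. The Ruby below is an added illustration, not Rails code and not the 2.3.13 patch: it shows how one unchecked value becomes two header lines and how an allowlist check at the point the header is set prevents that. Every name in it (`checked_content_type`, `serialize_head`, `TAINTED`, and so on) is hypothetical and the input is constructed.

```ruby
# Added example, not Rails code. All names below are hypothetical.

# Strict allowlist for a media type such as "text/html; charset=utf-8".
# \A and \z anchor to the whole string; in Ruby ^ and $ match at every line,
# so a ^...$ pattern would accept a value such as "text/html\nX-Injected: 1".
MEDIA_TYPE = %r{\A[\w.+-]+/[\w.+-]+(?:\s*;\s*[\w-]+=[\w.-]+)*\z}

class UnsafeHeaderValue < ArgumentError; end

# Returns the value unchanged if it is a well-formed media type, else raises.
def checked_content_type(value)
  value = value.to_s
  raise UnsafeHeaderValue, "CR/LF/NUL in content type" if value =~ /[\r\n\x00]/
  raise UnsafeHeaderValue, "not a media type: #{value.inspect}" unless value =~ MEDIA_TYPE
  value
end

# Minimal serializer standing in for what a server writes to the socket.
def serialize_head(status, headers)
  lines = ["HTTP/1.1 #{status}"] + headers.map { |k, v| "#{k}: #{v}" }
  lines.join("\r\n") + "\r\n\r\n"
end

# Number of header lines a client would parse from a serialized head.
def header_line_count(head)
  head.split("\r\n\r\n", 2).first.split("\r\n").length - 1
end

# Constructed input: a request parameter used to choose the response type.
TAINTED = "text/html\r\nX-Injected: 1"

# Unchecked: the application sets one header, the client parses two.
def unchecked_count
  header_line_count(serialize_head("200 OK", "Content-Type" => TAINTED))
end

# Checked: fall back to a fixed type when the value is rejected.
def checked_count(value)
  type = begin
    checked_content_type(value)
  rescue UnsafeHeaderValue
    "application/octet-stream"
  end
  header_line_count(serialize_head("200 OK", "Content-Type" => type))
end
```

Validating at the point where the header is set, rather than where the parameter is read, covers every code path that can reach the response head.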