Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Ruby on Rails Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2011-3186 - Vulnerability Database
Ruby on Rails

Ruby on Rails Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2011-3186

Medium
Reference: CVE-2011-3186
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2011-3186
Title: Ruby on Rails Improper Control of Generation of Code (Code Injection) Vulnerability
Overview:

CRLF injection vulnerability in actionpack/lib/action_controller/response.rb in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header.