Vulnerability details: VCID-49pq-vg95-jkh2
Vulnerability ID VCID-49pq-vg95-jkh2
Aliases CVE-2011-0447
GHSA-24fg-p96v-hxh8
Summary Cross-Site Request Forgery (CSRF). Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage "combinations of browser plugins and HTTP redirects," a related issue to CVE-2011-0696.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
System Score Found at
generic_textual MODERATE http://groups.google.com/group/rubyonrails-security/msg/c22ea1668c0d181c?dmode=source&output=gplain
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html
epss 0.00991 https://api.first.org/data/v1/epss?cve=CVE-2011-0447
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-24fg-p96v-hxh8
generic_textual MODERATE https://github.com/rails/rails
generic_textual MODERATE https://github.com/rails/rails/commit/66ce3843d32e9f2ac3b1da20067af53019bbb034
generic_textual MODERATE https://github.com/rails/rails/commit/7e86f9b4d2b7dfa974c10ae7e6d8ef90f3d77f06
generic_textual MODERATE https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0447.yml
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2011-0447
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2011-0447
generic_textual MODERATE https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291
generic_textual MODERATE https://web.archive.org/web/20170223045008/http://www.securitytracker.com/id?1025060
generic_textual MODERATE http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails
generic_textual MODERATE http://www.debian.org/security/2011/dsa-2247
Reference id Reference type URL
http://groups.google.com/group/rubyonrails-security/msg/c22ea1668c0d181c?dmode=source&output=gplain
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html
https://api.first.org/data/v1/epss?cve=CVE-2011-0447
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0447
http://secunia.com/advisories/43274
http://secunia.com/advisories/43666
https://github.com/rails/rails
https://github.com/rails/rails/commit/66ce3843d32e9f2ac3b1da20067af53019bbb034
https://github.com/rails/rails/commit/7e86f9b4d2b7dfa974c10ae7e6d8ef90f3d77f06
https://web.archive.org/web/20120527023027/http://www.securityfocus.com/bid/46291
https://web.archive.org/web/20170223045008/http://www.securitytracker.com/id?1025060
http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails
http://www.debian.org/security/2011/dsa-2247
http://www.securityfocus.com/bid/46291
http://www.securitytracker.com/id?1025060
http://www.vupen.com/english/advisories/2011/0587
http://www.vupen.com/english/advisories/2011/0877
614864 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614864
cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*
CVE-2011-0447 https://nvd.nist.gov/vuln/detail/CVE-2011-0447
CVE-2011-0447.YML https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0447.yml
GHSA-24fg-p96v-hxh8 https://github.com/advisories/GHSA-24fg-p96v-hxh8
GLSA-201412-28 https://security.gentoo.org/glsa/201412-28
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2011-0447
Exploitability (E): not_defined (temporal metric, not part of the base vector above)
Access Vector (AV): network
Access Complexity (AC): medium
Authentication (Au): none
Confidentiality Impact (C): partial
Integrity Impact (I): partial
Availability Impact (A): partial

Exploit Prediction Scoring System (EPSS)
Percentile 0.76822
EPSS Score 0.00991
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:47:26.885282+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2011-0447.yml 38.0.0