Vulnerability details: VCID-6j55-bstz-yybj
Vulnerability ID VCID-6j55-bstz-yybj
Aliases CVE-2011-0449
GHSA-4ww3-3rxj-8v6q
Summary High severity vulnerability that affects actionpack. actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
generic_textual HIGH http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain
generic_textual HIGH http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
epss 0.00555 https://api.first.org/data/v1/epss?cve=CVE-2011-0449
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-4ww3-3rxj-8v6q
generic_textual HIGH https://github.com/rails/rails/commit/6f80224057803f85b3f448936aae89e742452c3b
generic_textual HIGH https://github.com/rails/rails/tree/main/actionpack
generic_textual HIGH https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0449.yml
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2011-0449
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2011-0449
generic_textual HIGH https://web.archive.org/web/20201207190612/http://securitytracker.com/id?1025061
generic_textual HIGH http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4
Reference id Reference type URL
http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
https://api.first.org/data/v1/epss?cve=CVE-2011-0449
http://secunia.com/advisories/43278
http://securitytracker.com/id?1025061
https://github.com/rails/rails/commit/6f80224057803f85b3f448936aae89e742452c3b
https://github.com/rails/rails/tree/main/actionpack
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0449.yml
https://web.archive.org/web/20201207190612/http://securitytracker.com/id?1025061
http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4
http://www.vupen.com/english/advisories/2011/0877
cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*
CVE-2011-0449 https://nvd.nist.gov/vuln/detail/CVE-2011-0449
GHSA-4ww3-3rxj-8v6q https://github.com/advisories/GHSA-4ww3-3rxj-8v6q
GLSA-201412-28 https://security.gentoo.org/glsa/201412-28
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2011-0449
Exploit Prediction Scoring System (EPSS)
Percentile 0.68042
EPSS Score 0.00555
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:47:28.178156+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2011-0449.yml 38.0.0