Search for vulnerabilities
| Vulnerability ID | VCID-ypcy-hry9-5fa3 |
| Aliases |
CVE-2011-0449
GHSA-4ww3-3rxj-8v6q |
| Summary | High severity vulnerability that affects actionpack actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access restrictions via an action name that uses an unintended case for alphabetic characters. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 8.0 |
| Risk | 4.0 |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| generic_textual | HIGH | http://groups.google.com/group/rubyonrails-security/msg/04345b2e84df5b4f?dmode=source&output=gplain |
| generic_textual | HIGH | http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html |
| epss | 0.00555 | https://api.first.org/data/v1/epss?cve=CVE-2011-0449 |
| generic_textual | HIGH | https://github.com/rails/rails/commit/6f80224057803f85b3f448936aae89e742452c3b |
| generic_textual | HIGH | https://github.com/rails/rails/tree/main/actionpack |
| generic_textual | HIGH | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-0449.yml |
| generic_textual | HIGH | https://nvd.nist.gov/vuln/detail/CVE-2011-0449 |
| generic_textual | HIGH | https://web.archive.org/web/20201207190612/http://securitytracker.com/id?1025061 |
| generic_textual | HIGH | http://weblog.rubyonrails.org/2011/2/8/new-releases-2-3-11-and-3-0-4 |
| Percentile | 0.68473 |
| EPSS Score | 0.00555 |
| Published At | June 4, 2026, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-06-02T04:37:18.253227+00:00 | GitLab Importer | Import | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2011-0449.yml | 38.6.0 |