VDB
DEBIAN-CVE-2011-3186
DEBIAN-CVE-2011-3186
PUBLISHED
CRLF injection vulnerability in actionpack/lib/action_controller/response.rb in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | rails | 0, 0, 0 |
| Debian:11 | rails | 0, 0, 0 |
| Debian:12 | rails | 0, 0, 0 |
| Debian:13 | rails | 0, 0, 0 |
Timeline
- Aug 29, 2011 CVE Published
- Apr 28, 2026 CVE Updated