Description
CRLF injection vulnerability in actionpack/lib/action_controller/response.rb in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header.
Remediation
References