Description The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks. Remediation References CVE-2010-3299 Related Vulnerabilities WordPress Plugin File Manager Multiple Vulnerabilities (4.8) WordPress Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) Vulnerability (CVE-2020-4049) WordPress 5.0.x Multiple Vulnerabilities (5.0 - 5.0.16) WordPress Plugin Smart Flv 'jwplayer.swf' Multiple Cross-Site Scripting Vulnerabilities (1.0) WordPress Plugin Restricted Site Access Unspecified Vulnerability (2.0) Severity Medium Classification CVE-2010-3299 CWE-311 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Tags Missing Update Known Vulnerabilities