Description The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks. Remediation References CVE-2010-3299 Related Vulnerabilities PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-5681) WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.37) WordPress Plugin Complete Gallery Manager for WordPress Arbitrary File Upload (3.3.3) WordPress Plugin All Post Contact Form Arbitrary File Upload (1.1.4) WordPress Plugin TDO Mini Forms Arbitrary File Upload (0.13.9) Severity Medium Classification CVE-2010-3299 CWE-311 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Tags Missing Update Known Vulnerabilities