Your submission was sent successfully! Close

CVE-2010-3299

Published: 12 November 2019

The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks.

Priority

Negligible

CVSS 3 base score: 6.5

Status

Package Release Status
rails
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(contains no code)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [contains no code])
ruby-rails-2.3
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Notes

AuthorNote
mdeslaur
in Oneiric+, rails package is just for transition

References