CVE-2011-0447

Name of the Vulnerable Software and Affected Versions Ruby on Rails versions 2.1.x through 2.3.x before 2.3.11 Ruby on Rails versions 3.x before 3.0.4

Description The issue makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX or API requests. This is related to improper validation of HTTP requests that contain an X-Requested-With header, which can be leveraged using combinations of browser plugins and HTTP redirects.

Recommendations For Ruby on Rails versions 2.1.x through 2.3.x before 2.3.11, update to version 2.3.11 or later. For Ruby on Rails versions 3.x before 3.0.4, update to version 3.0.4 or later.