Description The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks. Remediation References CVE-2010-3299 Related Vulnerabilities Microsoft SQL Server CVE-2024-0056 Vulnerability (CVE-2024-0056) MediaWiki Other Vulnerability (CVE-2007-0177) WordPress Plugin Image Source Control Security Bypass (2.3.0) WordPress Plugin Import any XML or CSV File to WordPress Arbitrary File Upload (3.6.7) XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-35162) Severity Medium Classification CVE-2010-3299 CWE-311 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Tags Missing Update Known Vulnerabilities