Certain versions of Rails were vulnerable to a cross-site scripting vulnerability mail_to.

Versions of Rails after 2.3.10 or 3.0.3 are not affected. Updating or removing the mail_to links is advised.

For more details see CVE-2011-0446.

Back to Warning Types