There is a vulnerability in Ruby on Rails which could allow an attacker to circumvent the CSRF protection provided. This vulnerability has been assigned the CVE Identifier CVE-2011-0447.

Versions Affected: 2.1.0 and above
Not affected: Applications which don’t use the built-in CSRF protection.
Fixed Versions: 3.0.4, 2.3.11

Impact

Certain combinations of browser plugins and HTTP redirects can be us