presidentbeef/brakeman

docs/warning_types/CVE-2011-0446/index.markdown

Certain versions of Rails were vulnerable to cross-site scripting in the mail\_to helper.

Versions of Rails after 2.3.10 or 3.0.3 are not affected. Updating Rails or removing the mail\_to links is advised.

For more details see [CVE-2011-0446](http://groups.google.com/group/rubyonrails-security/browse_thread/thread/f02a48ede8315f81).
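
The following is an added example, not Brakeman's own check and not code from this page: it reads the resolved Rails version from `Gemfile.lock` text, applies the version statement above, and lists `mail_to` call sites to review. It assumes the statement means 2.3.10 and earlier, plus 3.0.0 through 3.0.3 (prereleases included), are affected; all function names and sample inputs are hypothetical.

```ruby
require "rubygems" # Gem::Version; loaded by default on current Rubies

# Last affected release on each branch, per the page's version statement.
LAST_AFFECTED_2X = Gem::Version.new("2.3.10")
LAST_AFFECTED_3X = Gem::Version.new("3.0.3")

# Extract the resolved rails version from Gemfile.lock text ("    rails (3.0.3)").
def rails_version(lockfile_text)
  m = lockfile_text.match(/^ {4}rails \(([^)\s]+)\)\s*$/)
  m && Gem::Version.correct?(m[1]) ? Gem::Version.new(m[1]) : nil
end

# True when the version falls in the range this example treats as affected.
def affected_rails?(version)
  major, minor = version.segments
  # 3.0.x branch, including prereleases such as 3.0.0.rc
  return version <= LAST_AFFECTED_3X if major == 3 && minor.to_i.zero?
  major.is_a?(Integer) && major < 3 && version <= LAST_AFFECTED_2X
end

# Return [path, line_number, source_line] for each mail_to call in the views.
# This is a textual match for manual review, not a data-flow analysis.
def mail_to_calls(views)
  views.flat_map do |path, source|
    source.each_line.with_index(1)
          .select { |line, _| line.match?(/\bmail_to\b/) }
          .map { |line, no| [path, no, line.strip] }
  end
end

# Report mail_to call sites only when the locked Rails version is affected.
def audit(lockfile_text, views)
  version = rails_version(lockfile_text)
  return [] unless version && affected_rails?(version)
  mail_to_calls(views)
end

# Constructed sample inputs (not taken from a real application).
SAMPLE_LOCK = "GEM\n  specs:\n    rails (3.0.3)\n      actionpack (= 3.0.3)\n"
SAMPLE_VIEWS = {
  "app/views/users/show.html.erb" =>
    "<h1><%= @user.name %></h1>\n<%= mail_to @user.email, @user.name %>\n"
}

audit(SAMPLE_LOCK, SAMPLE_VIEWS).each { |path, no, src| puts "#{path}:#{no}: #{src}" }
```

An empty result means either the locked Rails version is outside the affected range or no view calls `mail_to`.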