# File lib/brakeman/checks/check_forgery_setting.rb, line 61
  # Reports CVE-2011-0447 (flawed CSRF protection) when the application's
  # Rails version falls in one of the affected ranges listed below.
  #
  # The decision rests only on the version comparison done by
  # +version_between?+. Nothing here inspects whether the fix was applied
  # as a patch, so an application that was patched without a version bump
  # would presumably still be reported. Confirm against the application
  # before dismissing or acting on the warning.
  #
  # The warning is emitted at most once per check instance, guarded by
  # +@warned_cve_2011_0447+. It is attached to the Gemfile/environment
  # information rather than to a source file (+:file+ is nil).
  #
  # Returns nil when nothing is reported, otherwise whatever
  # +csrf_warning+ returns.
  def check_cve_2011_0447
    @warned_cve_2011_0447 ||= false
    return if @warned_cve_2011_0447

    # [first affected, last affected, release carrying the fix]
    affected_ranges = [
      ["2.1.0", "2.3.10", "2.3.11"],
      ["3.0.0", "3.0.3", "3.0.4"]
    ]

    # Ranges are probed in order and probing stops at the first match.
    hit = affected_ranges.find { |low, high, _fixed| version_between? low, high }
    return unless hit

    new_version = hit.last

    # Latch before reporting so repeated invocations stay silent.
    @warned_cve_2011_0447 = true

    message = msg(
      "CSRF protection is flawed in unpatched versions of ",
      msg_version(rails_version),
      " ",
      msg_cve("CVE-2011-0447"),
      ". Upgrade to ",
      msg_version(new_version),
      " or apply patches as needed"
    )

    csrf_warning :warning_code => :CVE_2011_0447,
      :message => message,
      :gem_info => gemfile_or_environment,
      :file => nil,
      :link_path => "https://groups.google.com/d/topic/rubyonrails-security/LZWjzCPgNmU/discussion"
  end