UNKNOWN RubyGems
activesupport Cross-site Scripting vulnerability
GHSA-qv8p-v9qw-wc7g · CVE-2012-1098
Description
Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods.
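To check whether a project resolves activesupport to one of the affected releases listed above, the following added example (not part of the advisory or of Rails) scans the text of a Gemfile.lock. The helper names and the sample lockfile are constructed for illustration; the version ranges are taken from the description.

```ruby
require "rubygems"

# Affected ranges exactly as stated in the advisory description:
# 3.0.x before 3.0.12, 3.1.x before 3.1.4, 3.2.x before 3.2.2.
AFFECTED_RANGES = [
  Gem::Requirement.new(">= 3.0.0", "< 3.0.12"),
  Gem::Requirement.new(">= 3.1.0", "< 3.1.4"),
  Gem::Requirement.new(">= 3.2.0", "< 3.2.2"),
].freeze

# True when the given version string falls inside any affected range.
def affected_version?(version_string)
  version = Gem::Version.new(version_string)
  AFFECTED_RANGES.any? { |range| range.satisfied_by?(version) }
end

# Resolved gems appear under "specs:" indented by four spaces, e.g.
# "    activesupport (3.2.1)". Dependency constraints such as
# "(~> 3.2.0)" sit at other indents and contain spaces, so they are skipped.
def locked_versions(lockfile_text, gem_name = "activesupport")
  pattern = /^ {4}#{Regexp.escape(gem_name)} \(([^)\s]+)\)\s*$/
  lockfile_text.scan(pattern).flatten.uniq
end

# One result row per resolved version of the gem found in the lockfile.
def audit_lockfile(lockfile_text, gem_name = "activesupport")
  locked_versions(lockfile_text, gem_name).map do |v|
    { gem: gem_name, version: v, affected: affected_version?(v) }
  end
end

# Constructed sample lockfile, not taken from any real project.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      activesupport (3.2.1)
        i18n (~> 0.6)
        multi_json (~> 1.0)
      i18n (0.6.0)
      multi_json (1.0.4)

  DEPENDENCIES
    activesupport (~> 3.2.0)
LOCK

audit_lockfile(SAMPLE_LOCKFILE).each do |row|
  puts "#{row[:gem]} #{row[:version]}: #{row[:affected] ? 'AFFECTED, upgrade' : 'not in affected range'}"
end
```

For a real project, pass `File.read("Gemfile.lock")` to `audit_lockfile` in place of the sample text.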
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2012-1098
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=799275
- WEB http://groups.google.com/group/rubyonrails-security/msg/1c2e01a5e42722c9?dmode=source&output=gplain
- WEB http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html
- WEB http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released
- WEB http://www.openwall.com/lists/oss-security/2012/03/02/6
- WEB http://www.openwall.com/lists/oss-security/2012/03/03/1