Cross-site Scripting in actionpack

GHSA-2xjj-5x6h-8vmf · CVE-2012-1099

Published Oct 24, 2017 · Modified Nov 29, 2024

Description

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_options_helper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain generation of OPTION elements within SELECT elements.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2012-1099
WEB https://bugzilla.redhat.com/show_bug.cgi?id=799276
ADVISORY https://github.com/advisories/GHSA-2xjj-5x6h-8vmf
WEB https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2012-1099.yml
WEB http://groups.google.com/group/rubyonrails-security/msg/6fca4f5c47705488?dmode=source&output=gplain
WEB http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html
WEB http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075740.html
WEB http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released
WEB http://www.debian.org/security/2012/dsa-2466
WEB http://www.openwall.com/lists/oss-security/2012/03/02/6
WEB http://www.openwall.com/lists/oss-security/2012/03/03/1

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes