actionpack Cross-site Scripting vulnerability

GHSA-7g65-ghrg-hpf5 · CVE-2012-3465

Published Oct 24, 2017 · Modified Jan 21, 2025

Description

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 2.3.16, 3.0.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2012-3465
WEB https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77
WEB https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a
PACKAGE https://github.com/rails/rails
WEB https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain
WEB http://rhn.redhat.com/errata/RHSA-2013-0154.html
WEB http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes