Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 01:36
Type | Values Removed | Values Added |
---|---|---|
References | () http://groups.google.com/group/rubyonrails-security/msg/1c2e01a5e42722c9?dmode=source&output=gplain - | |
References | () http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html - | |
References | () http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released - | |
References | () http://www.openwall.com/lists/oss-security/2012/03/02/6 - | |
References | () http://www.openwall.com/lists/oss-security/2012/03/03/1 - | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=799275 - |
Information
Published : 2012-03-13 10:55
Updated : 2024-11-21 01:36
NVD link : CVE-2012-1098
Mitre link : CVE-2012-1098
CVE.ORG link : CVE-2012-1098
JSON object : View
Products Affected
rubyonrails
- rails
- ruby_on_rails
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')