Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2015-3226HistoryJul 26, 2015 - 10:59 p.m.
CVE-2015-3226
2015-07-2622:59:00
Debian Security Bug Tracker
security-tracker.debian.org
15
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
65.1%
Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | rails | < 2:4.2.4-2 | rails_2:4.2.4-2_all.deb |
| Debian | 11 | all | rails | < 2:4.2.4-2 | rails_2:4.2.4-2_all.deb |
| Debian | 10 | all | rails | < 2:4.2.4-2 | rails_2:4.2.4-2_all.deb |
| Debian | 999 | all | rails | < 2:4.2.4-2 | rails_2:4.2.4-2_all.deb |
| Debian | 13 | all | rails | < 2:4.2.4-2 | rails_2:4.2.4-2_all.deb |
Related
hackerone
hackerone
Ruby on Rails: JSON keys are not properly escaped
2015-02-10 01:00:04
cve
cve
CVE-2015-3226
2015-07-26 22:59:00
openvas
openvas
Ruby on Rails Active Support Cross Site Scripting Vulnerability - Linux
2016-10-13 00:00:00
Ruby on Rails Active Support Cross Site Scripting Vulnerability - Windows
2016-10-13 00:00:00
Fedora Update for rubygem-activesupport FEDORA-2015-10545
2015-07-01 00:00:00
gitlab
gitlab
XSS Vulnerability in ActiveSupport::JSON.encode
2015-07-26 00:00:00
ibm
ibm
github
github
activesupport Cross-site Scripting vulnerability
2017-10-24 18:33:36
osv
osv
activesupport Cross-site Scripting vulnerability
2017-10-24 18:33:36
ubuntucve
ubuntucve
CVE-2015-3226
2015-07-26 00:00:00
prion
prion
Cross site scripting
2015-07-26 22:59:00
nessus
nessus
Fedora 21 : rubygem-activesupport-4.1.5-2.fc21 (2015-10545)
2015-07-01 00:00:00
Fedora 22 : rubygem-activesupport-4.2.0-2.fc22 (2015-10538)
2015-07-01 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: rubygem-activesupport-4.2.0-2.fc22
2015-06-30 20:18:47
[SECURITY] Fedora 21 Update: rubygem-activesupport-4.1.5-2.fc21
2015-06-30 20:19:18
freebsd
freebsd
rubygem-rails -- multiple vulnerabilities
2015-06-16 00:00:00
debian
debian
[SECURITY] [DSA 3464-1] rails security update
2016-01-31 18:43:51
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
65.1%
Related for DEBIANCVE:CVE-2015-3226