
Rails 4 -- Possible XSS Vulnerability in Action View

Description

Ruby Security team reports: There is a possible XSS vulnerability in Action View. Text declared as "HTML safe" will not have quotes escaped when used as attribute values in tag helpers. This vulnerability has been assigned the CVE identifier CVE-2016-6316.
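A simplified Ruby model of the behaviour described above, added here as an illustration; it is not Rails code or the project's patch. `SafeString`, `tag_option_before`, `tag_option_after`, `render_div` and the sample input are hypothetical names constructed for this example, and the "after" variant assumes the mitigation is to encode double quotes at the attribute boundary regardless of the safe flag.

```ruby
require "cgi"

# Hypothetical stand-in for a string flagged as "HTML safe".
class SafeString < String
  def html_safe?
    true
  end
end

# Escape text unless it carries the safe flag; flagged text passes through.
def escape_unless_safe(value)
  flagged = value.respond_to?(:html_safe?) && value.html_safe?
  flagged ? value.to_s : CGI.escapeHTML(value.to_s)
end

# "Before" model: the safe flag is trusted completely, so a double quote in
# flagged text ends the attribute value early.
def tag_option_before(key, value)
  %(#{key}="#{escape_unless_safe(value)}")
end

# "After" model: double quotes are always encoded inside an attribute value.
def tag_option_after(key, value)
  %(#{key}="#{escape_unless_safe(value).gsub('"', "&quot;")}")
end

def render_div(value, fixed:)
  option = fixed ? tag_option_after("title", value) : tag_option_before("title", value)
  "<div #{option}>"
end

# Attribute names a browser would see in the rendered tag.
def attribute_names(tag_html)
  tag_html.scan(/([\w-]+)="/).flatten
end

# Constructed input: text flagged safe that contains a double quote.
FLAGGED = SafeString.new(%(hello" data-injected="1))

puts render_div(FLAGGED, fixed: false)
puts render_div(FLAGGED, fixed: true)
puts render_div(FLAGGED.to_s, fixed: false) # unflagged text is fully escaped
```

In the "before" output the single `title` value has become two attributes; in the other two outputs it stays one.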


Affected Package


OS       OS Version  Package Name        Package Version
FreeBSD  any         rubygem-actionview  4.2.7.1
