CVSS2: 5.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
EPSS: 0.089 Low
Percentile: 94.5%
Ruby on Rails team reports:
Rails version 3.2.13 has been released. This release contains important security fixes. It is recommended users upgrade as soon as possible.
Four vulnerabilities have been discovered and fixed:
(CVE-2013-1854) Symbol DoS vulnerability in Active Record
(CVE-2013-1855) XSS vulnerability in sanitize_css in Action Pack
(CVE-2013-1856) XML Parsing Vulnerability affecting JRuby users
(CVE-2013-1857) XSS Vulnerability in the sanitize helper of Ruby on Rails
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | rubygem-rails | < 3.2.13 | UNKNOWN |
FreeBSD | any | noarch | rubygem-actionpack | < 3.2.13 | UNKNOWN |
FreeBSD | any | noarch | rubygem-activerecord | < 3.2.13 | UNKNOWN |
FreeBSD | any | noarch | rubygem-activesupport | < 3.2.13 | UNKNOWN |
weblog.rubyonrails.org/2013/3/18/SEC-ANN-Rails-3-2-13-3-1-12-and-2-3-18-have-been-released/
groups.google.com/forum/#!topic/ruby-security-ann/o0Dsdk2WrQ0
groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/4_QHo4BqnN8
groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/KZwsQbYsOiI
groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/zAAU7vGTPvI