Lucene search

GitHub Advisory DatabaseGHSA-QV8P-V9QW-WC7G

HistoryOct 24, 2017 - 6:33 p.m.

activesupport Cross-site Scripting vulnerability

2017-10-2418:33:38

CWE-79

GitHub Advisory Database

github.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

63.9%

JSON

Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods.

CPENameOperatorVersion
activesupportlt3.2.2
activesupportlt3.1.4
activesupportlt3.0.12

Name	Operator	Version
activesupport	lt	3.2.2
activesupport	lt	3.1.4
activesupport	lt	3.0.12

References

groups.google.com/group/rubyonrails-security/msg/1c2e01a5e42722c9?dmode=source&output=gplain

lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html

weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released

www.openwall.com/lists/oss-security/2012/03/02/6

www.openwall.com/lists/oss-security/2012/03/03/1

bugzilla.redhat.com/show_bug.cgi?id=799275

github.com/advisories/GHSA-qv8p-v9qw-wc7g

nvd.nist.gov/vuln/detail/CVE-2012-1098

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

63.9%

JSON

Related for GHSA-QV8P-V9QW-WC7G