logo
DATABASE RESOURCES PRICING ABOUT US

Debian DSA-3651-1 : rails - security update

Description

Andrew Carpenter of Critical Juncture discovered a cross-site scripting vulnerability affecting Action View in rails, a web application framework written in Ruby. Text declared as 'HTML safe' will not have quotes escaped when used as attribute values in tag helpers.


Related