CVSS2: 5 Medium
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

EPSS: 0.006 Low
Percentile: 74.4%

Two vulnerabilities were discovered in Ruby on Rails, a web
application framework. The Common Vulnerabilities and Exposures
project identifies the following problems:

- The cookie store may be vulnerable to a timing attack,
  potentially allowing remote attackers to forge message
  digests.

- A cross-site scripting vulnerability in the strip_tags
  function allows remote user-assisted attackers to inject
  arbitrary web script.

For the oldstable distribution (lenny), these problems have been fixed
in version 2.1.0-7+lenny0.2.

For the other distributions, these problems have been fixed in version
2.2.3-2.

We recommend that you upgrade your rails packages.
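
The cookie store issue above comes down to how a received message digest is compared with the expected one. The following is an added example, not code from Rails or from this advisory: it shows a digest check using an early-exit string comparison beside a constant-time one. The `data--digest` cookie layout, the HMAC-SHA256 choice, the secret and all function names are assumptions made for the illustration.

```ruby
require "openssl"

# Constructed secret, for this example only.
SECRET = "constructed-example-secret-0123456789abcdef"

def digest_for(data, secret = SECRET)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), secret, data)
end

# Serialize a payload as "<base64 data>--<hex digest>" (assumed layout).
def sign(payload, secret = SECRET)
  data = [payload].pack("m0")
  "#{data}--#{digest_for(data, secret)}"
end

# Constant-time comparison: every byte is examined, so the running time
# does not depend on the position of the first mismatch. The length check
# leaks nothing useful because the digest length is public.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Weak form: String#== may return at the first differing byte, so the
# response time can reveal how much of a supplied digest is correct.
def verify_weak(cookie, secret = SECRET)
  data, digest = cookie.to_s.split("--", 2)
  return nil if data.nil? || digest.nil?
  digest == digest_for(data, secret) ? data.unpack1("m0") : nil
end

# Hardened form: same logic, but the digest check is constant-time and
# the payload is decoded only after the digest has been accepted.
def verify_hardened(cookie, secret = SECRET)
  data, digest = cookie.to_s.split("--", 2)
  return nil if data.nil? || digest.nil?
  return nil unless secure_compare(digest, digest_for(data, secret))
  data.unpack1("m0")
end
```

Both verifiers accept and reject the same inputs; the difference is only in how long a rejection takes, which is why the weakness does not show up in functional tests.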