actionpack from the Ruby on Rails project is vulnerable to Cross-site Scripting in the Route Error Page. This issue has been patched with this commit.
This vulnerability is disputed by the Rails security team. It requires that the developer is tricked into copy pasting a malicious javascript-containing string into a development-only error page accessible only via localhost.
CPE | Name | Operator | Version |
---|---|---|---|
actionpack | eq | 0.9.0 | |
actionpack | eq | 0.9.5 | |
actionpack | eq | 1.0.0 | |
actionpack | eq | 1.0.1 | |
actionpack | eq | 1.1.0 | |
actionpack | eq | 1.10.1 | |
actionpack | eq | 1.10.2 | |
actionpack | eq | 1.11.0 | |
actionpack | eq | 1.11.1 | |
actionpack | eq | 1.11.2 |