Metric | Value |
---|---|
CVSS2 score | 4.3 Medium |
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
CVSS2 vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
EPSS score | 0.004 Low |
EPSS percentile | 70.0% |

Ruby on Rails is a model–view–controller (MVC) framework for web
application development. Action Pack implements the controller and the view
components.

Two cross-site scripting (XSS) flaws were found in rubygem-actionpack and
ruby193-rubygem-actionpack. A remote attacker could use these flaws to
conduct XSS attacks against users of an application using
rubygem-actionpack or ruby193-rubygem-actionpack. (CVE-2013-1855,
CVE-2013-1857)

Red Hat would like to thank Ruby on Rails upstream for reporting these
issues. Upstream acknowledges Charlie Somerville as the original reporter
of CVE-2013-1855, and Alan Jenkins as the original reporter of
CVE-2013-1857.

Users of Red Hat OpenShift Enterprise 1.1.3 are advised to upgrade to these
updated packages, which correct these issues.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | src | rubygem-actionpack | < 3.0.13-8.el6op | rubygem-actionpack-3.0.13-8.el6op.src.rpm |
RedHat | 6 | noarch | ruby193-rubygem-actionpack | < 3.2.8-5.el6 | ruby193-rubygem-actionpack-3.2.8-5.el6.noarch.rpm |
RedHat | 6 | noarch | ruby193-rubygem-actionpack-doc | < 3.2.8-5.el6 | ruby193-rubygem-actionpack-doc-3.2.8-5.el6.noarch.rpm |
RedHat | 6 | noarch | rubygem-actionpack | < 3.0.13-8.el6op | rubygem-actionpack-3.0.13-8.el6op.noarch.rpm |
RedHat | 6 | src | ruby193-rubygem-actionpack | < 3.2.8-5.el6 | ruby193-rubygem-actionpack-3.2.8-5.el6.src.rpm |