(RHSA-2016:1858) Moderate: ruby193-rubygem-actionpack security update

Description

Ruby on Rails is a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.

Security Fix(es):

* It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting (XSS) attack. (CVE-2016-6316)

Red Hat would like to thank the Ruby on Rails project for reporting this issue. Upstream acknowledges Andrew Carpenter (Critical Juncture) as the original reporter.
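The following added example is a simplified, self-contained model of the flaw described above, set beside a hardened form that always encodes double quotes. It is not code from Rails or from this advisory; `SafeString`, `escape_unless_safe`, `attr_before_fix`, `attr_after_fix`, `attribute_names` and the sample value are hypothetical names and data constructed for illustration.

```ruby
# Simplified model of the flaw (hypothetical names, not Rails source code).
ESCAPES = { '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
            '"' => '&quot;', "'" => '&#39;' }.freeze

# Stand-in for a string the application has declared HTML safe.
class SafeString < String; end

# Escapes ordinary strings but trusts "safe" ones verbatim.
def escape_unless_safe(value)
  return value if value.is_a?(SafeString)
  value.gsub(/[&<>"']/, ESCAPES)
end

# Flawed form: a safe string reaches the attribute with its quotes intact,
# so a double quote inside it ends the attribute value early.
def attr_before_fix(name, value)
  %(#{name}="#{escape_unless_safe(value)}")
end

# Hardened form: double quotes are always encoded inside an attribute value,
# even when the string was marked safe.
def attr_after_fix(name, value)
  %(#{name}="#{escape_unless_safe(value).gsub('"', '&quot;')}")
end

# Lists the attribute names a parser would see in the rendered fragment.
def attribute_names(fragment)
  fragment.scan(/([\w-]+)="/).flatten
end

# Constructed sample: a "safe" value that contains a double quote.
SAMPLE = SafeString.new('a" data-injected="1')

if __FILE__ == $PROGRAM_NAME
  puts attr_before_fix('title', SAMPLE)
  puts attr_after_fix('title', SAMPLE)
end
```

A second attribute name appearing in the flawed output is the signal to look for when reviewing templates that pass HTML-safe strings into tag helper attributes.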


Affected Package


OS      OS Version  Package Name                    Package Version
RedHat  6           ruby193-rubygem-actionpack      3.2.8-20.el6
RedHat  7           ruby193-rubygem-actionpack      3.2.8-20.el7
RedHat  6           ruby193-rubygem-actionpack-doc  3.2.8-20.el6
RedHat  7           ruby193-rubygem-actionpack-doc  3.2.8-20.el7