15 matches found
RHEL 6 : rubygem-actionpack and ruby193-rubygem-actionpack (RHSA-2013:0698)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0698 advisory. Ruby on Rails is a modelviewcontroller MVC framework for web application development. Action Pack implements the controller and the view...
openSUSE Security Update : rubygem-actionpack-2_3 (openSUSE-SU-2013:0662-1)
Changes in rubygem-actionpack-23 : - add 2 patches to fix security issues : - bug-8099352-3-csssanitize.patch: CVE-2013-1855: rubygem-actionpack: XSS vulnerability in sanitizecss in Action Pack bnc809935 - bug-8099402-3-sanitizeprotocol.patch: CVE-2013-1857: rubygem-actionpack: XSS Vulnerability ...
FreeBSD : rubygem-rails -- multiple vulnerabilities (db0c4b00-a24c-11e2-9601-000d601460a4)
Ruby on Rails team reports : Rails versions 3.2.13 has been released. This release contains important security fixes. It is recommended users upgrade as soon as possible. Four vulnerabilities have been discovered and fixed : - CVE-2013-1854 Symbol DoS vulnerability in Active Record - CVE-2013-185...
Fedora Update for rubygem-actionpack FEDORA-2013-4199
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora Update for rubygem-actionpack FEDORA-2013-4214
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora 18 : rubygem-actionpack-3.2.8-3.fc18 (2013-4214)
Fix for CVE-2013-1855 and CVE-2013-1857. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...
Fedora 17 : rubygem-actionpack-3.0.11-9.fc17 (2013-4199)
Fix for CVE-2013-1855 and CVE-2013-1857. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...
[SECURITY] [DSA 2655-1] rails security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2655-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 28, 2013 http://www.debian.org/security/faq -...
Ruby on Rails 'sanitize_css()'方法跨站脚本漏洞(CVE-2013-1855)
BUGTRAQ ID: 58552 CVECAN ID: CVE-2013-1855 Ruby on Rails简称RoR或Rails,是一个使用Ruby语言写的开源Web应用框架,它是严格按照MVC结构开发的。 Ruby on Rails 2.3.18, 3.1.12, 3.2.13之前版本在Action Pack内的sanitizecss中存在XSS漏洞,特制的文本可以绕过sanitizecss方法提供的过滤,攻击者可利用此漏洞在浏览器中执行任意脚本代码。 0 Ruby on Rails 3.x Ruby on Rails 2.x 临时解决方法:...
CVE-2013-1855
The sanitizecss method in lib/actioncontroller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n newline characters, which makes it easier for remote attackers to...
CVE-2013-1855
The sanitizecss method in lib/actioncontroller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n newline characters, which makes it easier for remote attackers to...
CVE-2013-1855
The sanitizecss method in lib/actioncontroller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n newline characters, which makes it easier for remote attackers to...
CVE-2013-1855
The CVE-2013-1855 entry concerns a cross-site scripting flaw in Rails’ Action Pack sanitize_css in lib/action_controller/vendor/html-scanner/html/sanitizer.rb. The issue arises from improper handling of newline characters in CSS token sequences, enabling remote XSS via crafted CSS. Affected Rails...
CVE-2013-1855
The sanitizecss method in lib/actioncontroller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n newline characters, which makes it easier for remote attackers to...
CVE-2013-1855 rubygem-actionpack: css_sanitization: XSS vulnerability in sanitize_css
The sanitizecss method in lib/actioncontroller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n newline characters, which makes it easier for remote attackers to...