6 matches found
Regular Expression Denial-of-Service (ReDoS)
bleach is vulnerable to regular expression denial of service (ReDoS). The vulnerability exists when parsing style attributes through sanitize_css...
FreeBSD : rubygem-rails -- multiple vulnerabilities (db0c4b00-a24c-11e2-9601-000d601460a4)
Ruby on Rails team reports: Rails version 3.2.13 has been released. This release contains important security fixes. It is recommended users upgrade as soon as possible. Four vulnerabilities have been discovered and fixed: - CVE-2013-1854 Symbol DoS vulnerability in Active Record - CVE-2013-185...
Ruby on Rails 'sanitize_css()' method cross-site scripting vulnerability (CVE-2013-1855)
BUGTRAQ ID: 58552 CVECAN ID: CVE-2013-1855 Ruby on Rails, abbreviated RoR or Rails, is an open-source web application framework written in Ruby and developed strictly according to the MVC structure. Ruby on Rails versions before 2.3.18, 3.1.12 and 3.2.13 contain an XSS vulnerability in sanitize_css in Action Pack: specially crafted text can bypass the filtering provided by the sanitize_css method, and an attacker can exploit this to execute arbitrary script code in the browser. Ruby on Rails 3.x Ruby on Rails 2.x Workaround:...
CVE-2013-1855
The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n newline characters, which makes it easier for remote attackers to...
XSS vulnerability in sanitize_css in Action Pack
Carefully crafted text can bypass the sanitization provided in the sanitize_css method in Action Pack...
rubygem-rails -- multiple vulnerabilities
Ruby on Rails team reports: Rails version 3.2.13 has been released. This release contains important security fixes. It is recommended users upgrade as soon as possible. Four vulnerabilities have been discovered and fixed: CVE-2013-1854 Symbol DoS vulnerability in Active Record CVE-2013-1855 XSS...