Lucene search

K

Ubuntu.comUB:CVE-2011-2197

HistoryJun 30, 2011 - 12:00 a.m.

CVE-2011-2197

2011-06-3000:00:00

ubuntu.com

ubuntu.com

12

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

71.6%

The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x
before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not
properly handle mutation of safe buffers, which makes it easier for remote
attackers to conduct XSS attacks via crafted strings to an application that
uses a problematic string method, as demonstrated by the sub method.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=634990>

Notes

Author	Note
mdeslaur	we don’t ship the rails_xss plugin

References

weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications

launchpad.net/bugs/cve/CVE-2011-2197

nvd.nist.gov/vuln/detail/CVE-2011-2197

security-tracker.debian.org/tracker/CVE-2011-2197

www.cve.org/CVERecord?id=CVE-2011-2197

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

71.6%

Related for UB:CVE-2011-2197

nessus2 prion1 openvas15 cve1 debiancve1 gitlab2 fedora7 osv1 github1