
CVE-2016-6316

Description

Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers.

#### Bugs

* <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155>

#### Notes

Author | Note
---|---
[seth-arnold](<https://launchpad.net/~seth-arnold>) | In Oneiric-Saucy, rails package is just for transition; The rails package contains actual code from vivid onward
[mdeslaur](<https://launchpad.net/~mdeslaur>) | The GnuPG project used this CVE number by mistake when doing an announcement. The GnuPG issue is actually CVE-2016-6313.


Affected Package


OS | OS Version | Package Name | Package Version
---|---|---|---
ubuntu | upstream | rails | any
ubuntu | 14.04 | rails-4.0 | any
ubuntu | upstream | rails-4.0 | any
ubuntu | 12.04 | ruby-actionpack-2.3 | any
ubuntu | 14.04 | ruby-actionpack-3.2 | any
ubuntu | upstream | ruby-actionpack-3.2 | any
ubuntu | upstream | ruby-activemodel-3.2 | any
ubuntu | 12.04 | ruby-activerecord-2.3 | any
ubuntu | upstream | ruby-activerecord-3.2 | any
ubuntu | 12.04 | ruby-activesupport-2.3 | any
ubuntu | upstream | ruby-activesupport-3.2 | any
ubuntu | 12.04 | ruby-rails-2.3 | any
ubuntu | 14.04 | ruby-rails-3.2 | any
ubuntu | upstream | ruby-rails-3.2 | any
