[Unknown description]
Author | Note |
---|---|
seth-arnold | In Oneiric-Saucy, rails package is just for transition; the rails package contains actual code from vivid onward |
discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468
github.com/rails/rails/commit/5037a13614d71727af8a175063bcf6ba1a74bdbd (v6.1.7.3)
launchpad.net/bugs/cve/CVE-2023-23913
nvd.nist.gov/vuln/detail/CVE-2023-23913
security-tracker.debian.org/tracker/CVE-2023-23913
www.cve.org/CVERecord?id=CVE-2023-23913