Contents

--- 
gem: activesupport
framework: rails
cve: 2012-1098
osvdb: 79726
url: http://osvdb.org/79726
title: Ruby on Rails SafeBuffer Object [] Direct Manipulation XSS
date: 2012-03-01

description: |
  Ruby on Rails contains a flaw that allows a remote cross-site scripting (XSS)
  attack. This flaw exists because athe application does not validate direct
  manipulations of SafeBuffer objects via '[]' and other methods. This may
  allow a user to create a specially crafted request that would execute
  arbitrary script code in a user's browser within the trust relationship
  between their browser and the server.

cvss_v2: 4.3

unaffected_versions:
  - "< 3.0.0"

patched_versions: 
  - ~> 3.0.12
  - ~> 3.1.4
  - ">= 3.2.2"

Version data entries

14 entries across 14 versions & 3 rubygems

Version	Path
bundler-budit-0.6.2	data/ruby-advisory-db/gems/activesupport/OSVDB-79726.yml
bundler-budit-0.6.1	data/ruby-advisory-db/gems/activesupport/OSVDB-79726.yml
bundler-audit-0.6.1	data/ruby-advisory-db/gems/activesupport/OSVDB-79726.yml
bundler-audit-0.6.0	data/ruby-advisory-db/gems/activesupport/OSVDB-79726.yml
bundler-audit-0.5.0	data/ruby-advisory-db/gems/activesupport/OSVDB-79726.yml
bundler-audit-0.4.0	data/ruby-advisory-db/gems/activesupport/OSVDB-79726.yml
bundler-audit-0.3.1	data/ruby-advisory-db/gems/activesupport/OSVDB-79726.yml
mrjoy-bundler-audit-0.3.3	data/ruby-advisory-db/gems/activesupport/OSVDB-79726.yml
mrjoy-bundler-audit-0.3.2	data/ruby-advisory-db/gems/activesupport/OSVDB-79726.yml
mrjoy-bundler-audit-0.3.1	data/ruby-advisory-db/gems/activesupport/OSVDB-79726.yml
bundler-audit-0.3.0	data/ruby-advisory-db/gems/activesupport/OSVDB-79726.yml
mrjoy-bundler-audit-0.2.1	data/ruby-advisory-db/gems/activesupport/OSVDB-79726.yml
bundler-audit-0.2.0	data/ruby-advisory-db/gems/activesupport/OSVDB-79726.yml
mrjoy-bundler-audit-0.1.4	data/ruby-advisory-db/gems/activesupport/OSVDB-79726.yml