Sha256: 13e728486d8bcf20619d42cad0ba4d74bc08e07e95586ffdc00ebca161aa7ebf

Contents?: true

Size: 614 Bytes

Versions: 9

Compression:

Stored size: 614 Bytes

Contents

--- 
gem: actionpack
framework: rails
cve: 2013-1857
osvdb: 91454
url: http://osvdb.org/show/osvdb/91454
title: XSS Vulnerability in the `sanitize` helper of Ruby on Rails
date: 2013-03-19

description: | 
  The sanitize helper in Ruby on Rails is designed to
  filter HTML and remove all tags and attributes which could be
  malicious. The code which ensured that URLs only contain supported
  protocols contained several bugs which could allow an attacker to
  embed a tag containing a URL which executes arbitrary javascript
  code.

cvss_v2: 4.0

patched_versions: 
  - ~> 2.3.18
  - ~> 3.1.12
  - ">= 3.2.13"

Version data entries

9 entries across 9 versions & 2 rubygems

Version Path
bundler-audit-0.4.0 data/ruby-advisory-db/gems/actionpack/OSVDB-91454.yml
bundler-audit-0.3.1 data/ruby-advisory-db/gems/actionpack/OSVDB-91454.yml
mrjoy-bundler-audit-0.3.3 data/ruby-advisory-db/gems/actionpack/OSVDB-91454.yml
mrjoy-bundler-audit-0.3.2 data/ruby-advisory-db/gems/actionpack/OSVDB-91454.yml
mrjoy-bundler-audit-0.3.1 data/ruby-advisory-db/gems/actionpack/OSVDB-91454.yml
bundler-audit-0.3.0 data/ruby-advisory-db/gems/actionpack/OSVDB-91454.yml
mrjoy-bundler-audit-0.2.1 data/ruby-advisory-db/gems/actionpack/OSVDB-91454.yml
bundler-audit-0.2.0 data/ruby-advisory-db/gems/actionpack/OSVDB-91454.yml
mrjoy-bundler-audit-0.1.4 data/ruby-advisory-db/gems/actionpack/OSVDB-91454.yml