Sha256: 41816c8709b2fb240a9bec3f7ab303b6bd3ea84b0117982279c8863e4e47cfdc

Contents?: true

Size: 665 Bytes

Versions: 14

Compression:

Stored size: 665 Bytes

Contents

--- 
gem: activesupport
framework: rails
cve: 2012-3464
osvdb: 84516
url: http://www.osvdb.org/show/osvdb/84516
title: Ruby on Rails HTML Escaping Code XSS
date: 2012-08-09

description: |
  Ruby on Rails contains a flaw that allows a remote cross-site scripting (XSS)
  attack. This flaw exists because the HTML escaping code functionality does
  not properly escape a single quote character. This may allow a user to create
  a specially crafted request that would execute arbitrary script code in a
  user's browser within the trust relationship between their browser and the
  server.

cvss_v2: 4.3

patched_versions: 
  - ~> 3.0.17
  - ~> 3.1.8
  - ">= 3.2.8"

Version data entries

14 entries across 14 versions & 3 rubygems

Version Path
bundler-budit-0.6.2 data/ruby-advisory-db/gems/activesupport/OSVDB-84516.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/activesupport/OSVDB-84516.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/activesupport/OSVDB-84516.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/activesupport/OSVDB-84516.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/activesupport/OSVDB-84516.yml
bundler-audit-0.4.0 data/ruby-advisory-db/gems/activesupport/OSVDB-84516.yml
bundler-audit-0.3.1 data/ruby-advisory-db/gems/activesupport/OSVDB-84516.yml
mrjoy-bundler-audit-0.3.3 data/ruby-advisory-db/gems/activesupport/OSVDB-84516.yml
mrjoy-bundler-audit-0.3.2 data/ruby-advisory-db/gems/activesupport/OSVDB-84516.yml
mrjoy-bundler-audit-0.3.1 data/ruby-advisory-db/gems/activesupport/OSVDB-84516.yml
bundler-audit-0.3.0 data/ruby-advisory-db/gems/activesupport/OSVDB-84516.yml
mrjoy-bundler-audit-0.2.1 data/ruby-advisory-db/gems/activesupport/OSVDB-84516.yml
bundler-audit-0.2.0 data/ruby-advisory-db/gems/activesupport/OSVDB-84516.yml
mrjoy-bundler-audit-0.1.4 data/ruby-advisory-db/gems/activesupport/OSVDB-84516.yml