Sha256: 751bbce945415a98ae2d87d1d83f1955ada7301e7a8d3faf0d02e3f7e55bc910

Contents?: true

Size: 611 Bytes

Versions: 5

Compression:

Stored size: 611 Bytes

Contents

---
gem: actionpack
framework: rails
cve: 2013-1857
osvdb: 91454
url: http://osvdb.org/show/osvdb/91454
title: XSS Vulnerability in the `sanitize` helper of Ruby on Rails
date: 2013-03-19

description: |
  The sanitize helper in Ruby on Rails is designed to
  filter HTML and remove all tags and attributes which could be
  malicious. The code which ensured that URLs only contain supported
  protocols contained several bugs which could allow an attacker to
  embed a tag containing a URL which executes arbitrary javascript
  code.

cvss_v2: 4.3

patched_versions:
  - ~> 2.3.18
  - ~> 3.1.12
  - ">= 3.2.13"

Version data entries

5 entries across 5 versions & 2 rubygems

Version Path
bundler-budit-0.6.2 data/ruby-advisory-db/gems/actionpack/OSVDB-91454.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/actionpack/OSVDB-91454.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/actionpack/OSVDB-91454.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/actionpack/OSVDB-91454.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/actionpack/OSVDB-91454.yml