Sha256: 9d2daeb17b7ecc3c3e7291ce46f1dae5de0baaeb9c9b8977861816e54b0c5655
Contents?: true
Size: 847 Bytes
Versions: 1
Compression:
Stored size: 847 Bytes
Contents
--- gem: actionpack framework: rails cve: 2014-0081 osvdb: 103439 url: https://nvd.nist.gov/vuln/detail/CVE-2014-0081 title: XSS Vulnerability in number_to_currency, number_to_percentage and number_to_human date: 2014-02-18 description: | Ruby on Rails contains a flaw that allows a cross-site scripting (XSS) attack. This flaw exists because the actionpack/lib/action_view/helpers/number_helper.rb script does not validate input to the 'number_to_currency', 'number_to_percentage', and 'number_to_human' helpers before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. cvss_v2: 4.3 patched_versions: - ~> 3.2.17 - ~> 4.0.3 - ">= 4.1.0.beta2"
Version data entries
1 entries across 1 versions & 1 rubygems
| Version | Path |
|---|---|
| bundler-audit-0.7.0.1 | data/ruby-advisory-db/gems/actionpack/CVE-2014-0081.yml |