Sha256: a3668426554dd42dde87697cde943413e0bac4701594a66b205058b3d1946afd

Contents?: true

Size: 844 Bytes

Versions: 6

Compression:

Stored size: 844 Bytes

Contents

---
gem: actionpack
framework: rails
cve: 2011-4319
osvdb: 77199
url: https://groups.google.com/forum/#!topic/rubyonrails-security/K2HXD7c8fMU
title: XSS vulnerability in the translate helper method in Ruby on Rails
date: 2011-11-17

description: |
  A cross-site scripting (XSS) flaw was found in the way the 'translate' helper
  method of the Ruby on Rails performed HTML escaping of interpolated user
  input, when interpolation in combination with HTML-safe translations were
  used. A remote attacker could use this flaw to execute arbitrary HTML or web
  script by providing a specially-crafted input to Ruby on Rails application,
  using the ActionPack module and its 'translate' helper method without explicit
  (application specific) sanitization of user provided input.

cvss_v2: 4.3

patched_versions:
  - "~> 3.0.11"
  - ">= 3.1.2"

Version data entries

6 entries across 6 versions & 2 rubygems

Version                Path
bundler-audit-0.7.0.1  data/ruby-advisory-db/gems/actionpack/OSVDB-77199.yml
bundler-budit-0.6.2    data/ruby-advisory-db/gems/actionpack/OSVDB-77199.yml
bundler-budit-0.6.1    data/ruby-advisory-db/gems/actionpack/OSVDB-77199.yml
bundler-audit-0.6.1    data/ruby-advisory-db/gems/actionpack/OSVDB-77199.yml
bundler-audit-0.6.0    data/ruby-advisory-db/gems/actionpack/OSVDB-77199.yml
bundler-audit-0.5.0    data/ruby-advisory-db/gems/actionpack/OSVDB-77199.yml