Sha256: a423b8c3472246c4206af143438f45160baa8f948b77b1df9dad169ad8ad77d1
Contents?: true
Size: 799 Bytes
Versions: 3
Compression:
Stored size: 799 Bytes
Contents
---
gem: actionpack
framework: rails
cve: 2013-6416
osvdb: 100526
url: https://groups.google.com/forum/#!topic/ruby-security-ann/5ZI1-H5OoIM
title: XSS Vulnerability in simple_format helper
date: 2013-12-03
description: |
  There is a vulnerability in the simple_format helper in Ruby on Rails.
  The simple_format helper converts user supplied text into html text
  which is intended to be safe for display. A change made to the
  implementation of this helper means that any user provided HTML
  attributes will not be escaped correctly. As a result of this error,
  applications which pass user-controlled data to be included as html
  attributes will be vulnerable to an XSS attack.
cvss_v2:
unaffected_versions:
  - ~> 2.3.0
  - ~> 3.1.0
  - ~> 3.2.0
patched_versions:
  - ">= 4.0.2"
Version data entries
3 entries across 3 versions & 2 rubygems