Sha256: af990b1ded6b5e178662d7da9758fb782f0bd6337e785508c27b270edeedc238

Contents?: true

Size: 616 Bytes

Versions: 3

Compression:

Stored size: 616 Bytes

Contents

---
gem: actionpack
framework: rails
cve: 2013-6415
osvdb: 100524
url: https://groups.google.com/forum/#!topic/ruby-security-ann/9WiRn2nhfq0
title: XSS Vulnerability in number_to_currency
date: 2013-12-03

description: |
  There is an XSS vulnerability in the number_to_currency helper in Ruby on Rails.
  The number_to_currency helper allows users to nicely format a numeric value. One
  of the parameters to the helper (unit) is not escaped correctly. Applications
  which pass user-controlled data as the unit parameter are vulnerable to an XSS attack.

cvss_v2: 

patched_versions:
  - ~> 3.2.16
  - ">= 4.0.2"

Version data entries

3 entries across 3 versions & 2 rubygems

Version Path
bundler-audit-0.4.0 data/ruby-advisory-db/gems/actionpack/OSVDB-100524.yml
bundler-audit-0.3.1 data/ruby-advisory-db/gems/actionpack/OSVDB-100524.yml
mrjoy-bundler-audit-0.3.3 data/ruby-advisory-db/gems/actionpack/OSVDB-100524.yml