Sha256: f60eeb4853a2b968459d4be76402f37a891c2a3d8fcb67a56fafac7bd4b600a0

Contents?: true

Size: 619 Bytes

Versions: 6

Compression:

Stored size: 619 Bytes

Contents

---
gem: actionpack
framework: rails
cve: 2013-6415
osvdb: 100524
url: https://groups.google.com/forum/#!topic/ruby-security-ann/9WiRn2nhfq0
title: XSS Vulnerability in number_to_currency
date: 2013-12-03

description: |
  There is an XSS vulnerability in the number_to_currency helper in Ruby on Rails.
  The number_to_currency helper allows users to nicely format a numeric value. One
  of the parameters to the helper (unit) is not escaped correctly.  Applications
  which pass user controlled data as the unit parameter are vulnerable to an XSS attack.

cvss_v2: 4.3

patched_versions:
  - ~> 3.2.16
  - ">= 4.0.2"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/actionpack/OSVDB-100524.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/actionpack/OSVDB-100524.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/actionpack/OSVDB-100524.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/actionpack/OSVDB-100524.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/actionpack/OSVDB-100524.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/actionpack/OSVDB-100524.yml