---
gem: actionpack
framework: rails
cve: 2013-6415
osvdb: 100524
url: https://groups.google.com/forum/#!topic/ruby-security-ann/9WiRn2nhfq0
title: XSS Vulnerability in number_to_currency
date: 2013-12-03

description: |
  There is an XSS vulnerability in the number_to_currency helper in Ruby on
  Rails. The number_to_currency helper allows users to nicely format a numeric
  value. One of the parameters to the helper (unit) is not escaped correctly.
  Applications which pass user-controlled data as the unit parameter are
  vulnerable to an XSS attack.

cvss_v2: 4.3

patched_versions:
  - ~> 3.2.16
  - ">= 4.0.2"