PT-2011-4191 · Ruby+1 · Ruby On Rails+1
Tenderlove
·
Publicado
2011-08-29
·
Atualizado
2019-08-08
·
CVE-2011-2932
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Ruby on Rails versions 2.x through 2.3.12
Ruby on Rails versions 3.0.x through 3.0.9
Ruby on Rails versions 3.1.x through 3.1.0.rc4
Description
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a "UTF-8 escaping vulnerability" in the
activesupport/lib/active support/core ext/string/output safety.rb file. This issue affects Ruby on Rails, enabling attackers to execute malicious scripts on user browsers.Recommendations
For Ruby on Rails versions 2.x through 2.3.12, update to version 2.3.13 or later.
For Ruby on Rails versions 3.0.x through 3.0.9, update to version 3.0.10 or later.
For Ruby on Rails versions 3.1.x through 3.1.0.rc4, update to version 3.1.0.rc5 or later.
Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ruby On Rails
Suse