PT-2012-4735 · Ruby+1 · Ruby On Rails+1

Publicado

2012-08-10

·

Atualizado

2019-08-08

·

CVE-2012-3465

CVSS v2.0

4.3

Média

VetorAV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions Ruby on Rails versions prior to 2.3.16 Ruby on Rails versions 3.0.x through 3.0.16 Ruby on Rails versions 3.1.x through 3.1.7 Ruby on Rails versions 3.2.x through 3.2.7
Description A cross-site scripting (XSS) issue exists in the strip tags helper in actionpack/lib/action view/helpers/sanitize helper.rb, allowing remote attackers to inject arbitrary web script or HTML via malformed HTML markup.
Recommendations For Ruby on Rails versions prior to 2.3.16, update to version 2.3.16 or later. For Ruby on Rails versions 3.0.x through 3.0.16, update to version 3.0.17 or later. For Ruby on Rails versions 3.1.x through 3.1.7, update to version 3.1.8 or later. For Ruby on Rails versions 3.2.x through 3.2.7, update to version 3.2.8 or later.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2012-3465
DSA-2655-1
GHSA-7G65-GHRG-HPF5
RHSA-2013:0582
SUSE-SU-2012_1367-1

Produtos afetados

Ruby On Rails
Suse