Ruby · Ruby On Rails · CVE-2015-3226
**Name of the Vulnerable Software and Affected Versions**
Ruby on Rails versions 3.x through 4.1.10
Ruby on Rails versions 4.2.x through 4.2.1
**Description**
A cross-site scripting (XSS) issue in the json/encoding.rb file of Active Support in Ruby on Rails allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding. This enables attackers to execute malicious code on the victim's browser.
**Recommendations**
For Ruby on Rails versions 3.x through 4.1.10, update to version 4.1.11 or later.
For Ruby on Rails versions 4.2.x through 4.2.1, update to version 4.2.2 or later.