PT-2021-8345 · Rails · Rails
Torben Schulz · Published 2021-10-19 · Updated 2022-04-22
CVE-2011-1497
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Rails versions prior to 3.0.6
Description
A cross-site scripting issue was found in the auto link function. The function does not properly handle user input, potentially leading to malicious script execution.
Recommendations
For versions prior to 3.0.6, update to version 3.0.6 or later to resolve the issue. As a temporary workaround, consider disabling the auto link function until a patch is available.
Exploit
Fix
XSS
Affected Products
Rails