Project

General

Profile

Bug #1743

Multiple vulnerabilities in ruby-rails < 3.2.13 allow cross-site scripting

Added by Leonardo Arena about 6 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
High
Assignee:
-
Category:
Security
Target version:
Start date:
03/29/2013
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
Affected versions:
Security IDs:

Description

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1857
The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a : sequence.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1855
The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences.


Subtasks

Bug #1744: Multiple vulnerabilities in ruby-rails < 3.2.13 allow cross-site scriptingClosed

Bug #1745: Multiple vulnerabilities in ruby-rails < 2.3.18 allow cross-site scriptingClosed

Bug #1746: Multiple vulnerabilities in ruby-rails < 2.3.18 allow cross-site scriptingClosed

History

#2 Updated by Natanael Copa about 6 years ago

  • Status changed from New to Resolved

#3 Updated by Natanael Copa about 6 years ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed

Also available in: Atom PDF