MEDIUM
GHSA-7g65-ghrg-hpf5
actionpack Cross-site Scripting vulnerability
Details
Cross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/sanitize_helper.rb` in the `strip_tags` helper in Ruby on Rails before 2.3.16, 3.0.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.
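To check a project against the version ranges above, the following Ruby script (an added example, not code from the advisory or from Rails) reads the `actionpack` version pinned in a `Gemfile.lock` and compares it with those ranges. The names `affected?`, `locked_actionpack`, `audit` and the sample lockfile are constructed for illustration, and treating 3.x prereleases as part of their release line is an assumption.

```ruby
require "rubygems"

# Affected ranges as stated in the advisory text. The ".a" lower bounds
# pull prereleases (e.g. 3.1.0.rc1) into their release line; that
# treatment is an assumption of this example, not a statement on the page.
AFFECTED = [
  Gem::Requirement.new("< 2.3.16"),
  Gem::Requirement.new(">= 3.0.a", "< 3.0.17"),
  Gem::Requirement.new(">= 3.1.a", "< 3.1.8"),
  Gem::Requirement.new(">= 3.2.a", "< 3.2.8"),
].freeze

# True when the given actionpack version falls in an affected range.
def affected?(version)
  v = Gem::Version.new(version)
  AFFECTED.any? { |req| req.satisfied_by?(v) }
end

# Returns the actionpack version resolved in Gemfile.lock text, or nil.
# Resolved specs are indented four spaces; dependency constraints listed
# under other gems are indented six and are deliberately not matched.
def locked_actionpack(lockfile_text)
  m = lockfile_text.match(/^ {4}actionpack \(([^)\s]+)\)\s*$/)
  m && m[1]
end

# Classifies a lockfile as :affected, :not_affected or :not_present.
def audit(lockfile_text)
  version = locked_actionpack(lockfile_text)
  return :not_present if version.nil?
  affected?(version) ? :affected : :not_affected
end

# Constructed sample input, not taken from any real project.
SAMPLE_LOCK = <<~LOCK
GEM
  remote: https://rubygems.org/
  specs:
    actionmailer (3.2.7)
      actionpack (= 3.2.7)
    actionpack (3.2.7)
      activemodel (= 3.2.7)
LOCK

puts audit(SAMPLE_LOCK) if $PROGRAM_NAME == __FILE__
```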
References
- https://nvd.nist.gov/vuln/detail/CVE-2012-3465 [ADVISORY]
- https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77 [WEB]
- https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a [WEB]
- https://github.com/rails/rails [PACKAGE]
- https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain [WEB]
- http://rhn.redhat.com/errata/RHSA-2013-0154.html [WEB]
- http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released [WEB]