MEDIUM

GHSA-8qrh-h9m2-5fvf

Cross site scripting that affects rails

상세

Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

RubyGems / actionpack

최초 영향 버전: 2.0.0 수정 버전: 2.2.3

수정 bundle update actionpack

RubyGems / actionpack

최초 영향 버전: 2.3.0 수정 버전: 2.3.4

수정 bundle update actionpack

RubyGems / activesupport

최초 영향 버전: 2.0.0 수정 버전: 2.2.3

수정 bundle update activesupport

RubyGems / activesupport

최초 영향 버전: 2.3.0 수정 버전: 2.3.4

수정 bundle update activesupport

참고

https://nvd.nist.gov/vuln/detail/CVE-2009-3009 [ADVISORY]
https://exchange.xforce.ibmcloud.com/vulnerabilities/53036 [WEB]
https://github.com/advisories/GHSA-8qrh-h9m2-5fvf [ADVISORY]
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2009-3009.yml [WEB]
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063 [WEB]
http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source [WEB]
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html [WEB]
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html [WEB]
http://secunia.com/advisories/36600 [WEB]
http://secunia.com/advisories/36717 [WEB]
http://securitytracker.com/id?1022824 [WEB]
http://support.apple.com/kb/HT4077 [WEB]
http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails [WEB]
http://www.debian.org/security/2009/dsa-1887 [WEB]
http://www.osvdb.org/57666 [WEB]
http://www.securityfocus.com/bid/36278 [WEB]
http://www.vupen.com/english/advisories/2009/2544 [WEB]