CVE-2012-1098

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2012-1098

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2012-1098.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2012-1098

Aliases

GHSA-qv8p-v9qw-wc7g

Downstream

DEBIAN-CVE-2012-1098

Published

2012-03-13T10:55:01Z

Modified

2026-04-10T03:42:13.488875Z

Summary

[none]

Details

Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods.

References

http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released
https://bugzilla.redhat.com/show_bug.cgi?id=799275
http://groups.google.com/group/rubyonrails-security/msg/1c2e01a5e42722c9?dmode=source&output=gplain
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html
http://www.openwall.com/lists/oss-security/2012/03/02/6
http://www.openwall.com/lists/oss-security/2012/03/03/1

CVE-2012-1098

Affected packages