GHSA-7g65-ghrg-hpf5

Source

https://github.com/advisories/GHSA-7g65-ghrg-hpf5

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-7g65-ghrg-hpf5/GHSA-7g65-ghrg-hpf5.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-7g65-ghrg-hpf5

Aliases

CVE-2012-3465

Published

2017-10-24T18:33:37Z

Modified

2024-11-30T05:24:53.855215Z

Summary

actionpack Cross-site Scripting vulnerability

Details

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.

Database specific

{
    "nvd_published_at": "2012-08-10T10:34:47Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:22:45Z"
}

References

Affected packages

RubyGems / actionpack

Package

Name: actionpack
Purl: pkg:gem/actionpack

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.17

Affected versions

0.*

0.9.0

0.9.5

1.*

1.0.0

1.0.1

1.1.0

1.2.0

1.3.0

1.3.1

1.4.0

1.5.0

1.5.1

1.6.0

1.7.0

1.8.0

1.8.1

1.9.0

1.9.1

1.10.1

1.10.2

1.11.0

1.11.1

1.11.2

1.12.0

1.12.1

1.12.2

1.12.3

1.12.4

1.12.5

1.13.0

1.13.1

1.13.2

1.13.3

1.13.4

1.13.5

1.13.6

2.*

2.0.0

2.0.1

2.0.2

2.0.4

2.0.5

2.1.0

2.1.1

2.1.2

2.2.2

2.2.3

2.3.2

2.3.3

2.3.4

2.3.5

2.3.6

2.3.7

2.3.8.pre1

2.3.8

2.3.9.pre

2.3.9

2.3.10

2.3.11

2.3.12

2.3.14

2.3.15

2.3.16

2.3.17

2.3.18

3.*

3.0.0.beta

3.0.0.beta2

3.0.0.beta3

3.0.0.beta4

3.0.0.rc

3.0.0.rc2

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4.rc1

3.0.4

3.0.5.rc1

3.0.5

3.0.6.rc1

3.0.6.rc2

3.0.6

3.0.7.rc1

3.0.7.rc2

3.0.7

3.0.8.rc1

3.0.8.rc2

3.0.8.rc4

3.0.8

3.0.9.rc1

3.0.9.rc3

3.0.9.rc4

3.0.9.rc5

3.0.9

3.0.10.rc1

3.0.10

3.0.11

3.0.12.rc1

3.0.12

3.0.13.rc1

3.0.13

3.0.14

3.0.15

3.0.16

RubyGems / actionpack

Package

Name: actionpack
Purl: pkg:gem/actionpack

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.1.0

Fixed

3.1.8

Affected versions

3.*

3.1.0

3.1.1.rc1

3.1.1.rc2

3.1.1.rc3

3.1.1

3.1.2.rc1

3.1.2.rc2

3.1.2

3.1.3

3.1.4.rc1

3.1.4

3.1.5.rc1

3.1.5

3.1.6

3.1.7

RubyGems / actionpack

Package

Name: actionpack
Purl: pkg:gem/actionpack

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.2.0

Fixed

3.2.8

Affected versions

3.*

3.2.0

3.2.1

3.2.2.rc1

3.2.2

3.2.3.rc1

3.2.3.rc2

3.2.3

3.2.4.rc1

3.2.4

3.2.5

3.2.6

3.2.7.rc1

3.2.7

3.2.8.rc1

3.2.8.rc2