GHSA-8qrh-h9m2-5fvf

Source
https://github.com/advisories/GHSA-8qrh-h9m2-5fvf
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-8qrh-h9m2-5fvf/GHSA-8qrh-h9m2-5fvf.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-8qrh-h9m2-5fvf
Aliases
Published
2017-10-24T18:33:38Z
Modified
2024-12-07T05:35:41.857945Z
Summary
Cross site scripting that affects rails
Details

Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.

Database specific
{
    "nvd_published_at": "2009-09-08T18:30:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:26:29Z"
}
References

Affected packages

RubyGems / actionpack

Package

Name
actionpack
Purl
pkg:gem/actionpack

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
2.2.3

Affected versions

2.*

2.0.0
2.0.1
2.0.2
2.0.4
2.0.5
2.1.0
2.1.1
2.1.2
2.2.2

RubyGems / actionpack

Package

Name
actionpack
Purl
pkg:gem/actionpack

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.3.0
Fixed
2.3.4

Affected versions

2.*

2.3.2
2.3.3

RubyGems / activesupport

Package

Name
activesupport
Purl
pkg:gem/activesupport

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
2.2.3

Affected versions

2.*

2.0.0
2.0.1
2.0.2
2.0.4
2.0.5
2.1.0
2.1.1
2.1.2
2.2.2

RubyGems / activesupport

Package

Name
activesupport
Purl
pkg:gem/activesupport

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.3.0
Fixed
2.3.4

Affected versions

2.*

2.3.2
2.3.3