GHSA-h835-75hw-pj89
Suggest an improvement- Source
- https://github.com/advisories/GHSA-h835-75hw-pj89
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-h835-75hw-pj89/GHSA-h835-75hw-pj89.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-h835-75hw-pj89
- Aliases
- Published
- 2017-10-24T18:33:37Z
- Modified
- 2025-01-21T17:08:39.183072Z
- Summary
- activesupport Cross-site Scripting vulnerability
- Details
-
Cross-site scripting (XSS) vulnerability in
activesupport/lib/active_support/core_ext/string/output_safety.rbin Ruby on Rails before 2.3.16, 3.0.x before , 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character. - Database specific
{ "github_reviewed": true, "cwe_ids": [ "CWE-79" ], "github_reviewed_at": "2020-06-16T21:39:28Z", "nvd_published_at": "2012-08-10T10:34:47Z", "severity": "MODERATE" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2012-3464
- https://github.com/rails/rails/issues/7215
- https://github.com/rails/rails/commit/28f2c6f4037081da0a82104a3f473165ed4ed2ce
- https://github.com/rails/rails/commit/780a718723cf87b49cfe204d355948c4e0932d23
- https://github.com/rails/rails/commit/d0c9759d3aeb6327d68dd6c0de0fe2fed4e3c870
- https://github.com/rails/rails/commit/d549df7133f2b0bad8112890d478c33e990e12bc
- https://github.com/advisories/GHSA-h835-75hw-pj89
- https://github.com/rails/rails
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2012-3464.yml
- https://groups.google.com/group/rubyonrails-security/msg/8f1bbe1cef8c6caf?dmode=source&output=gplain
- http://rhn.redhat.com/errata/RHSA-2013-0154.html
- http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released
Affected packages
RubyGems / activesupport
Package
- Name
- activesupport
- Purl
- pkg:gem/activesupport
Affected versions
3.*
3.0.0.beta
3.0.0.beta2
3.0.0.beta3
3.0.0.beta4
3.0.pre
3.0.0.rc
3.0.0.rc2
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4.rc1
3.0.4
3.0.5.rc1
3.0.5
3.0.6.rc1
3.0.6.rc2
3.0.6
3.0.7.rc1
3.0.7.rc2
3.0.7
3.0.8.rc1
3.0.8.rc2
3.0.8.rc4
3.0.8
3.0.9.rc1
3.0.9.rc3
3.0.9.rc4
3.0.9.rc5
3.0.9
3.0.10.rc1
3.0.10
3.0.11
3.0.12.rc1
3.0.12
3.0.13.rc1
3.0.13
3.0.14
3.0.15
3.0.16
RubyGems / activesupport
Package
- Name
- activesupport
- Purl
- pkg:gem/activesupport
RubyGems / activesupport
Package
- Name
- activesupport
- Purl
- pkg:gem/activesupport
RubyGems / activesupport
Package
- Name
- activesupport
- Purl
- pkg:gem/activesupport
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.3.16
Affected versions
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.1.0
1.1.1
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.3.0
1.3.1
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
2.*
2.0.0
2.0.1
2.0.2
2.0.4
2.0.5
2.1.0
2.1.1
2.1.2
2.2.2
2.2.3
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6.pre
2.3.6
2.3.7
2.3.8.pre1
2.3.8
2.3.9.pre
2.3.9
2.3.10
2.3.11
2.3.12
2.3.14
2.3.15