Release date:
Updated on:
Affected Systems:
Ruby on Rails 3.x
Ruby on Rails 2.x
Ruby on Rails 1.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 54958
Cve id: CVE-2012-3464
Ruby on Rails (RoR or Rails) is an open-source Web application framework written in Ruby. It follows the MVC (model-view-controller) architecture strictly.
Ruby on Rails 3.x earlier than 3.0.17, 3.1.x earlier than 3.1.8, and 3.2.x earlier than 3.2.8 have an XSS vulnerability in the HTML escaping implemented in activesupport/lib/active_support/core_ext/string/output_safety.rb: the escaper does not escape the single-quote (') character, so attackers can inject arbitrary Web scripts or HTML code through values that are placed inside single-quoted HTML attributes.
<* Source: vendor *>
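The following Ruby example is added here to illustrate the class of defect described above; it is not code from Rails or from the advisory. It contrasts an escaper that handles only `&`, `<`, `>` and `"` (assumed to model the pre-fix behaviour) with one that also turns `'` into `&#39;`, renders a constructed value into a single-quoted attribute with each, and provides a probe a defender can run against whatever escaper an application actually uses.

```ruby
# Added example (not Rails' own code). Shows why an HTML escaper must also
# escape the single-quote character when output can land inside a
# single-quoted attribute, which is the gap the fixed versions close.

# Escapes only &, <, > and " (assumption: models the pre-fix escaper).
LEGACY_ESCAPES = {
  "&" => "&amp;", "<" => "&lt;", ">" => "&gt;", '"' => "&quot;"
}.freeze

# Same table plus the single quote (the hardened behaviour).
FIXED_ESCAPES = LEGACY_ESCAPES.merge("'" => "&#39;").freeze

# Replace every special character found in +text+ using +table+.
def escape_with(table, text)
  text.to_s.gsub(/[&<>"']/) { |ch| table.fetch(ch, ch) }
end

def legacy_escape(text)
  escape_with(LEGACY_ESCAPES, text)
end

def fixed_escape(text)
  escape_with(FIXED_ESCAPES, text)
end

# Render a user-supplied value into a single-quoted attribute, the way a
# hand-written template might. +escaper+ is anything that responds to #call.
def single_quoted_attr(escaper, value)
  "<a title='#{escaper.call(value)}'>link</a>"
end

# The rendered tag should contain exactly the two quotes that delimit the
# attribute; a third one means the value broke out of the attribute.
def attribute_intact?(html)
  html.scan("'").length == 2
end

# Defender's probe: does this escaper neutralise a lone single quote?
# Run it against the escaper your application really uses (Rails defines
# its own html_escape in the output_safety.rb file named in this advisory).
def escaper_handles_single_quote?(escaper)
  !escaper.call("'").include?("'")
end

# Constructed, harmless sample value containing an apostrophe.
sample = "it's"
puts single_quoted_attr(method(:legacy_escape), sample)  # third quote appears
puts single_quoted_attr(method(:fixed_escape), sample)   # attribute stays intact
```

The probe is deliberately independent of Rails so it can be dropped into a test suite: point `escaper_handles_single_quote?` at the escaper your views rely on and fail the build if it returns false.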
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Ruby on Rails
-------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.rubyonrails.com/