The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x prior to 2.3.12, 3.0.x prior to 3.0.8, and 3.1.x prior to 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote malicious users to conduct XSS attacks via crafted strings to an application that uses a problematic string method, as demonstrated by the sub method.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
rubyonrails rails 2.2.2 |
||
rubyonrails rails 2.2.0 |
||
rubyonrails rails 2.0.4 |
||
rubyonrails rails 2.0.1 |
||
rubyonrails rails 2.3.9 |
||
rubyonrails rails 2.3.11 |
||
rubyonrails rails 2.0.0 |
||
rubyonrails rails 2.3.3 |
||
rubyonrails rails 2.3.2 |
||
rubyonrails rails 2.1.1 |
||
rubyonrails rails 2.1.2 |
||
rubyonrails rails 2.1.0 |
||
rubyonrails rails 2.3.10 |
||
rubyonrails rails 2.2.1 |
||
rubyonrails rails 2.0.2 |
||
rubyonrails rails 2.3.4 |
||
rubyonrails rails 3.0.0 |
||
rubyonrails rails 3.0.1 |
||
rubyonrails rails 3.0.5 |
||
rubyonrails rails 3.0.6 |
||
rubyonrails rails 3.0.7 |
||
rubyonrails rails 3.0.8 |
||
rubyonrails rails 3.0.2 |
||
rubyonrails rails 3.0.3 |
||
rubyonrails ruby on rails 3.0.4 |
||
rubyonrails rails 3.0.4 |
||
rubyonrails rails 3.1.0 |
Vulmon