Lucene search

[email protected]CVE-2011-2932

HistoryAug 29, 2011 - 6:55 p.m.

CVE-2011-2932

2011-08-2918:55:01

CWE-79

[email protected]

web.nvd.nist.gov

cve-2011-2932

cross-site scripting

xss

ruby on rails

unicode string

remote attackers

web script

html

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.1%

JSON

Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a “UTF-8 escaping vulnerability.”

Affected configurations

NVD

Node

rubyonrailsrailsMatch2.0.0

rubyonrailsrailsMatch2.0.0rc1

rubyonrailsrailsMatch2.0.0rc2

rubyonrailsrailsMatch2.0.1

rubyonrailsrailsMatch2.0.2

rubyonrailsrailsMatch2.0.4

rubyonrailsrailsMatch2.1.0

rubyonrailsrailsMatch2.1.1

rubyonrailsrailsMatch2.1.2

rubyonrailsrailsMatch2.2.0

rubyonrailsrailsMatch2.2.1

rubyonrailsrailsMatch2.2.2

rubyonrailsrailsMatch2.3.2

rubyonrailsrailsMatch2.3.3

rubyonrailsrailsMatch2.3.4

rubyonrailsrailsMatch2.3.9

rubyonrailsrailsMatch2.3.10

rubyonrailsrailsMatch2.3.11

rubyonrailsrailsMatch2.3.12

rubyonrailsrailsMatch3.0.0

rubyonrailsrailsMatch3.0.0beta

rubyonrailsrailsMatch3.0.0beta2

rubyonrailsrailsMatch3.0.0beta3

rubyonrailsrailsMatch3.0.0beta4

rubyonrailsrailsMatch3.0.0rc

rubyonrailsrailsMatch3.0.0rc2

rubyonrailsrailsMatch3.0.1

rubyonrailsrailsMatch3.0.1pre

rubyonrailsrailsMatch3.0.2

rubyonrailsrailsMatch3.0.2pre

rubyonrailsrailsMatch3.0.3

rubyonrailsrailsMatch3.0.4rc1

rubyonrailsrailsMatch3.0.5

rubyonrailsrailsMatch3.0.5rc1

rubyonrailsrailsMatch3.0.6

rubyonrailsrailsMatch3.0.6rc1

rubyonrailsrailsMatch3.0.6rc2

rubyonrailsrailsMatch3.0.7

rubyonrailsrailsMatch3.0.7rc1

rubyonrailsrailsMatch3.0.7rc2

rubyonrailsrailsMatch3.0.8

rubyonrailsrailsMatch3.0.8rc1

rubyonrailsrailsMatch3.0.8rc2

rubyonrailsrailsMatch3.0.8rc3

rubyonrailsrailsMatch3.0.8rc4

rubyonrailsrailsMatch3.0.9

rubyonrailsrailsMatch3.0.9rc1

rubyonrailsrailsMatch3.0.9rc2

rubyonrailsrailsMatch3.0.9rc3

rubyonrailsrailsMatch3.0.9rc4

rubyonrailsrailsMatch3.0.9rc5

rubyonrailsrailsMatch3.0.10rc1

rubyonrailsrailsMatch3.1.0

rubyonrailsrailsMatch3.1.0beta1

rubyonrailsrailsMatch3.1.0rc1

rubyonrailsrailsMatch3.1.0rc2

rubyonrailsrailsMatch3.1.0rc3

rubyonrailsrailsMatch3.1.0rc4

rubyonrailsruby_on_railsMatch3.0.4

CPENameOperatorVersion
rubyonrails:railsrubyonrails railseq2.0.0
rubyonrails:railsrubyonrails railseq2.0.1
rubyonrails:railsrubyonrails railseq2.0.2
rubyonrails:railsrubyonrails railseq2.0.4
rubyonrails:railsrubyonrails railseq2.1.0
rubyonrails:railsrubyonrails railseq2.1.1
rubyonrails:railsrubyonrails railseq2.1.2
rubyonrails:railsrubyonrails railseq2.2.0
rubyonrails:railsrubyonrails railseq2.2.1
rubyonrails:railsrubyonrails railseq2.2.2

CPE	Name	Operator	Version
rubyonrails:rails	rubyonrails rails	eq	2.0.0
rubyonrails:rails	rubyonrails rails	eq	2.0.1
rubyonrails:rails	rubyonrails rails	eq	2.0.2
rubyonrails:rails	rubyonrails rails	eq	2.0.4
rubyonrails:rails	rubyonrails rails	eq	2.1.0
rubyonrails:rails	rubyonrails rails	eq	2.1.1
rubyonrails:rails	rubyonrails rails	eq	2.1.2
rubyonrails:rails	rubyonrails rails	eq	2.2.0
rubyonrails:rails	rubyonrails rails	eq	2.2.1
rubyonrails:rails	rubyonrails rails	eq	2.2.2