Lucene search

K

GoogleOSV:GHSA-6H5Q-96HP-9JGM

HistoryOct 24, 2017 - 6:33 p.m.

actionpack vulnerable to Cross-site Scripting

2017-10-2418:33:36

Google

osv.dev

23

0.003 Low

EPSS

Percentile

70.7%

Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter.

CPENameOperatorVersion
actionpackeq3.1.0.rc2
actionpackeq3.1.1.rc1
actionpackeq3.2.6
actionpackeq3.2.14.rc2
actionpackeq3.0.19
actionpackeq3.0.12
actionpackeq3.2.15.rc1
actionpackeq4.0.1.rc3
actionpackeq3.0.17
actionpackeq3.0.14

Rows per page:

1-10 of 1061

References

lists.opensuse.org/opensuse-updates/2013-12/msg00079.html

lists.opensuse.org/opensuse-updates/2013-12/msg00080.html

lists.opensuse.org/opensuse-updates/2013-12/msg00081.html

lists.opensuse.org/opensuse-updates/2013-12/msg00082.html

lists.opensuse.org/opensuse-updates/2014-01/msg00003.html

lists.opensuse.org/opensuse-updates/2014-01/msg00013.html

rhn.redhat.com/errata/RHSA-2013-1794.html

rhn.redhat.com/errata/RHSA-2014-0008.html

rhn.redhat.com/errata/RHSA-2014-1863.html

weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released

www.debian.org/security/2014/dsa-2888

github.com/advisories/GHSA-6h5q-96hp-9jgm

github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2013-6415.yml

groups.google.com/forum/#!topic/ruby-security-ann/9WiRn2nhfq0

groups.google.com/forum/message/raw?msg=ruby-security-ann/9WiRn2nhfq0/2K2KRB4LwCMJ

nvd.nist.gov/vuln/detail/CVE-2013-6415

puppet.com/security/cve/cve-2013-6415

web.archive.org/web/20131206180005/www.securityfocus.com/bid/64077

0.003 Low

EPSS

Percentile

70.7%

Related for OSV:GHSA-6H5Q-96HP-9JGM

nessus11 cve1 gitlab1 prion1 github1 cvelist1 debiancve1 nvd1 ubuntucve1 openvas13 redhat3 securityvulns2 debian1 fedora7 freebsd1