Lucene search
RedHatRHSA-2016:1856HistorySep 13, 2016 - 9:50 a.m.
(RHSA-2016:1856) Moderate: rh-ror41-rubygem-actionview security update
2016-09-1309:50:58
access.redhat.com
11
0.003 Low
EPSS
Percentile
69.9%
Ruby on Rails is a model-view-controller (MVC) framework for web application development. Action View implements the view component.
Security Fix(es):
- It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting (XSS) attack. (CVE-2016-6316)
Red Hat would like to thank the Ruby on Rails project for reporting this issue. Upstream acknowledges Andrew Carpenter (Critical Juncture) as the original reporter.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 6 | noarch | rh-ror41-rubygem-actionview-doc | < 4.1.5-6.el6 | rh-ror41-rubygem-actionview-doc-4.1.5-6.el6.noarch.rpm |
| RedHat | 7 | noarch | rh-ror41-rubygem-actionview | < 4.1.5-6.el7 | rh-ror41-rubygem-actionview-4.1.5-6.el7.noarch.rpm |
| RedHat | 6 | noarch | rh-ror41-rubygem-actionview | < 4.1.5-6.el6 | rh-ror41-rubygem-actionview-4.1.5-6.el6.noarch.rpm |
| RedHat | 7 | noarch | rh-ror41-rubygem-actionview-doc | < 4.1.5-6.el7 | rh-ror41-rubygem-actionview-doc-4.1.5-6.el7.noarch.rpm |
Related
redhat
redhat
(RHSA-2016:1858) Moderate: ruby193-rubygem-actionpack security update
2016-09-13 09:51:35
(RHSA-2016:1857) Moderate: ror40-rubygem-actionpack security update
2016-09-13 09:51:16
(RHSA-2016:1855) Moderate: rh-ror42 security update
2016-09-13 09:49:49
openvas
openvas
Debian: Security Advisory (DSA-3651-1)
2016-08-24 00:00:00
Ruby on Rails Action View Cross Site Scripting Vulnerability - Windows
2016-10-13 00:00:00
Fedora Update for rubygem-actionview FEDORA-2016-0d9890f7b5
2016-08-27 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: rubygem-actionview-4.2.3-6.fc23
2016-08-26 12:50:04
[SECURITY] Fedora 24 Update: rubygem-actionview-4.2.5.2-3.fc24
2016-08-26 10:24:48
[SECURITY] Fedora 25 Update: rubygem-actioncable-5.0.0.1-1.fc25
2016-08-27 11:11:22
debiancve
debiancve
CVE-2016-6316
2016-09-07 19:28:10
github
github
actionview Cross-site Scripting vulnerability
2017-10-24 18:33:35
cve
cve
CVE-2016-6316
2016-09-07 19:28:10
freebsd
freebsd
Rails 4 -- Possible XSS Vulnerability in Action View
2016-08-11 00:00:00
nessus
nessus
FreeBSD : Rails 4 -- Possible XSS Vulnerability in Action View (43f1c867-654a-11e6-8286-00248c0c745d)
2016-10-17 00:00:00
Debian DSA-3651-1 : rails - security update
2016-08-26 00:00:00
Fedora 24 : rubygem-actionview (2016-0d9890f7b5)
2016-08-29 00:00:00
debian
debian
[SECURITY] [DSA 3651-1] rails security update
2016-08-25 16:20:10
[SECURITY] [DSA 3651-1] rails security update
2016-08-25 16:20:10
[SECURITY] [DLA 604-1] ruby-actionpack-3.2 security update
2016-08-28 18:14:37
threatpost
threatpost
GPG Patches 18-Year-Old Libgcrypt RNG Bug
2016-08-18 12:39:21
osv
osv
actionview Cross-site Scripting vulnerability
2017-10-24 18:33:35
rails - security update
2016-08-25 00:00:00
ruby-actionpack-3.2 - security update
2016-08-28 00:00:00
cvelist
cvelist
CVE-2016-6316
2016-09-07 19:00:00
redhatcve
redhatcve
CVE-2016-6316
2016-08-12 06:18:33
gitlab
gitlab
Possible XSS Vulnerability
2016-09-07 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2019-01-15 09:13:09
prion
prion
Cross site scripting
2016-09-07 19:28:00
nvd
nvd
CVE-2016-6316
2016-09-07 19:28:10
ubuntucve
ubuntucve
CVE-2016-6316
2016-09-07 00:00:00