CVE-2012-3465 actionpack

Package

Manager: gem
Name: actionpack
Vulnerable Version: >=3.0.0.beta <3.0.17 || >=3.1.0 <3.1.8 || >=3.2.0 <3.2.8 || >=0 <2.3.16

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00333 (percentile: 0.55485)

Details

actionpack Cross-site Scripting vulnerability

Cross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/sanitize_helper.rb` in the `strip_tags` helper in Ruby on Rails before 2.3.16, 3.0.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.

Metadata

Created: 2017-10-24T18:33:37Z
Modified: 2025-01-21T15:21:13Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-7g65-ghrg-hpf5/GHSA-7g65-ghrg-hpf5.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-7g65-ghrg-hpf5
Finding: F008
Auto approve: 1