CVE-2012-1098 – activesupport
Package
Manager: gem
Name: activesupport
Vulnerable Version: >=3.0.0 <3.0.12 || >=3.1.0 <3.1.4 || >=3.2.0 <3.2.2
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:H/RL:U/RC:R
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00377 (percentile: 0.58505)
Details
activesupport Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods.
Metadata
Created: 2017-10-24T18:33:38Z
Modified: 2023-01-23T18:01:41Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-qv8p-v9qw-wc7g/GHSA-qv8p-v9qw-wc7g.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-qv8p-v9qw-wc7g
Finding: F425
Auto approve: 1