GHSA-7g65-ghrg-hpf5
Suggest an improvement- Source
- https://github.com/advisories/GHSA-7g65-ghrg-hpf5
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-7g65-ghrg-hpf5/GHSA-7g65-ghrg-hpf5.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-7g65-ghrg-hpf5
- Aliases
- Published
- 2017-10-24T18:33:37Z
- Modified
- 2025-01-21T15:25:12.416137Z
- Summary
- actionpack Cross-site Scripting vulnerability
- Details
-
Cross-site scripting (XSS) vulnerability in
actionpack/lib/action_view/helpers/sanitize_helper.rbin thestrip_tagshelper in Ruby on Rails before 2.3.16, 3.0.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup. - Database specific
{ "nvd_published_at": "2012-08-10T10:34:47Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:22:45Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2012-3465
- https://github.com/rails/rails/commit/cf48c9c7dcbef8543171f7f7de8d3d9a16b58e77
- https://github.com/rails/rails/commit/e91e4e8bbee12ce1496bf384c04da6be296b687a
- https://github.com/rails/rails
- https://groups.google.com/group/rubyonrails-security/msg/7fbb5392d4d282b5?dmode=source&output=gplain
- http://rhn.redhat.com/errata/RHSA-2013-0154.html
- http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released
Affected packages
RubyGems / actionpack
Package
- Name
- actionpack
- Purl
- pkg:gem/actionpack
Affected versions
3.*
3.0.0.beta
3.0.0.beta2
3.0.0.beta3
3.0.0.beta4
3.0.0.rc
3.0.0.rc2
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4.rc1
3.0.4
3.0.5.rc1
3.0.5
3.0.6.rc1
3.0.6.rc2
3.0.6
3.0.7.rc1
3.0.7.rc2
3.0.7
3.0.8.rc1
3.0.8.rc2
3.0.8.rc4
3.0.8
3.0.9.rc1
3.0.9.rc3
3.0.9.rc4
3.0.9.rc5
3.0.9
3.0.10.rc1
3.0.10
3.0.11
3.0.12.rc1
3.0.12
3.0.13.rc1
3.0.13
3.0.14
3.0.15
3.0.16
RubyGems / actionpack
Package
- Name
- actionpack
- Purl
- pkg:gem/actionpack
RubyGems / actionpack
Package
- Name
- actionpack
- Purl
- pkg:gem/actionpack
RubyGems / actionpack
Package
- Name
- actionpack
- Purl
- pkg:gem/actionpack
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.3.16
Affected versions
0.*
0.9.0
0.9.5
1.*
1.0.0
1.0.1
1.1.0
1.2.0
1.3.0
1.3.1
1.4.0
1.5.0
1.5.1
1.6.0
1.7.0
1.8.0
1.8.1
1.9.0
1.9.1
1.10.1
1.10.2
1.11.0
1.11.1
1.11.2
1.12.0
1.12.1
1.12.2
1.12.3
1.12.4
1.12.5
1.13.0
1.13.1
1.13.2
1.13.3
1.13.4
1.13.5
1.13.6
2.*
2.0.0
2.0.1
2.0.2
2.0.4
2.0.5
2.1.0
2.1.1
2.1.2
2.2.2
2.2.3
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8.pre1
2.3.8
2.3.9.pre
2.3.9
2.3.10
2.3.11
2.3.12
2.3.14
2.3.15