GHSA-8qrh-h9m2-5fvf

Suggest an improvement
Source
https://github.com/advisories/GHSA-8qrh-h9m2-5fvf
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-8qrh-h9m2-5fvf/GHSA-8qrh-h9m2-5fvf.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-8qrh-h9m2-5fvf
Aliases
Published
2017-10-24T18:33:38Z
Modified
2024-12-07T05:35:09.486800Z
Summary
Cross site scripting that affects rails
Details

Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.

Database specific
{
    "nvd_published_at": "2009-09-08T18:30:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:26:29Z"
}
References

Affected packages

RubyGems / actionpack

Package

Name
actionpack
Purl
pkg:gem/actionpack

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
2.2.3

Affected versions

2.*

2.0.0
2.0.1
2.0.2
2.0.4
2.0.5
2.1.0
2.1.1
2.1.2
2.2.2

RubyGems / actionpack

Package

Name
actionpack
Purl
pkg:gem/actionpack

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.3.0
Fixed
2.3.4

Affected versions

2.*

2.3.2
2.3.3

RubyGems / activesupport

Package

Name
activesupport
Purl
pkg:gem/activesupport

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
2.2.3

Affected versions

2.*

2.0.0
2.0.1
2.0.2
2.0.4
2.0.5
2.1.0
2.1.1
2.1.2
2.2.2

RubyGems / activesupport

Package

Name
activesupport
Purl
pkg:gem/activesupport

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.3.0
Fixed
2.3.4

Affected versions

2.*

2.3.2
2.3.3