Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 386261 - dev-ruby/rails: xss vulnerability (CVE-2011-2197)
Summary: dev-ruby/rails: xss vulnerability (CVE-2011-2197)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2011-10-08 12:30 UTC by GLSAMaker/CVETool Bot
Modified: 2011-10-08 12:33 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 12:30:55 UTC 
CVE-2011-2197 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2197):
  The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x
  before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not
  properly handle mutation of safe buffers, which makes it easier for remote
  attackers to conduct XSS attacks via crafted strings to an application that
  uses a problematic string method, as demonstrated by the sub method.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2011-10-08 12:33:06 UTC 
Already fixed, bug only opened for tracking purposes. Closing noglsa.