CVE-2011-2197
Published: Jun 30, 2011
Modified: Aug 6, 2024
Status: PUBLISHED
Description
The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a problematic string method, as demonstrated by the sub method. In practice, calling a string-manipulation method such as sub or gsub on a buffer already marked html_safe produced a result that kept the safe marking, so untrusted text spliced in as the replacement reached the page without the escaping the view layer would otherwise apply. The fixed releases make those methods return an unmarked String (which is escaped on output) and stop the in-place variants from leaving the buffer marked safe.
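The mechanism behind the description, as an added example that is not code from the Rails project or from the advisory: a minimal stand-in for an html_safe buffer before and after the fix, a helper that models what a view's output escaping does, and the vulnerable, fixed and correct ways of splicing request data into trusted markup. The class names, the UNSAFE_STRING_METHODS list, the SafeConcatError name, the render helpers and the attacker string are all constructed here; they are modelled on ActiveSupport::SafeBuffer but are not its code.

```ruby
require "erb"

# Stand-in for a Rails html_safe buffer as it behaved before the fix (a
# simplified model written for this example, not ActiveSupport::SafeBuffer).
# Pre-fix, String methods such as sub/gsub called on a safe buffer returned a
# new buffer of the same class, so the result was still treated as safe even
# when the replacement text came straight from the request. The model makes
# that explicit so the outcome does not depend on the Ruby version in use.
class VulnerableSafeBuffer < String
  def html_safe?
    true
  end

  def sub(*args, &block)
    # The replacement is spliced in and the result keeps the safe marking.
    self.class.new(to_str.sub(*args, &block))
  end
end

# Stand-in for the fixed behaviour (Rails 2.3.12 / 3.0.8): every string
# method that could splice untrusted text into a safe buffer returns a plain
# String, which the view will escape; the in-place variants are refused so a
# buffer cannot be mutated while keeping its safe marking. The method list
# and the exception name are local to this example.
class FixedSafeBuffer < String
  class SafeConcatError < StandardError; end

  UNSAFE_STRING_METHODS = %w[sub gsub tr delete strip upcase downcase].freeze

  def html_safe?
    true
  end

  UNSAFE_STRING_METHODS.each do |name|
    define_method(name) do |*args, &block|
      to_str.public_send(name, *args, &block) # plain String: escaped on output
    end
    define_method("#{name}!") do |*_args, &_block|
      raise SafeConcatError, "#{name}! is not allowed on a safe buffer"
    end
  end
end

# Models what <%= value %> does in a Rails view: a value that reports itself
# html_safe? is emitted as-is, anything else is HTML-escaped.
def output_safe(value)
  if value.respond_to?(:html_safe?) && value.html_safe?
    value.to_s
  else
    ERB::Util.html_escape(value.to_s)
  end
end

TEMPLATE = "<b>Hello, NAME</b>" # trusted markup the developer marked html_safe
UNTRUSTED_NAME = "<script>alert(1)</script>" # constructed attacker input, e.g. params[:name]

# Vulnerable pattern: splicing request data into a safe buffer with sub.
def render_vulnerable(name)
  output_safe(VulnerableSafeBuffer.new(TEMPLATE).sub("NAME", name))
end

# Same code on the fixed buffer: sub now yields a plain String, so the whole
# result is escaped (safe, though the intended <b> markup is lost too).
def render_fixed(name)
  output_safe(FixedSafeBuffer.new(TEMPLATE).sub("NAME", name))
end

# The correct pattern under the fix: escape the untrusted piece first, then
# mark the assembled markup as safe.
def render_correct(name)
  output_safe(FixedSafeBuffer.new(TEMPLATE.sub("NAME", ERB::Util.html_escape(name))))
end

# In-place mutation of a fixed buffer is refused outright.
def in_place_mutation_refused?
  FixedSafeBuffer.new("x").sub!("x", "y")
  false
rescue FixedSafeBuffer::SafeConcatError
  true
end

if $PROGRAM_NAME == __FILE__
  puts "vulnerable: #{render_vulnerable(UNTRUSTED_NAME)}"
  puts "fixed:      #{render_fixed(UNTRUSTED_NAME)}"
  puts "correct:    #{render_correct(UNTRUSTED_NAME)}"
end
```

The fixed buffer's behaviour is deliberately coarse: once sub has been called, the developer no longer has a safe buffer at all, and the whole result is escaped. That is the intended trade-off; the remedy for code that needs trusted markup around untrusted text is to escape the untrusted part before assembling the string, as render_correct does, rather than to re-mark the result of sub as safe.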
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a (affected) |
References
- [rubyonrails-security] 20110607 Potential XSS Vulnerability in Ruby on Rails Applications (mailing-list, x_refsource_MLIST)
- FEDORA-2011-8494 (vendor-advisory, x_refsource_FEDORA)
- FEDORA-2011-8580 (vendor-advisory, x_refsource_FEDORA)
- 44789 (third-party-advisory, x_refsource_SECUNIA)
- [oss-security] 20110609 CVE Request: Ruby on Rails 3/rails_xss XSS (mailing-list, x_refsource_MLIST)
- [oss-security] 20110613 Re: CVE Request: Ruby on Rails 3/rails_xss XSS (mailing-list, x_refsource_MLIST)