Multiple vulnerabilities in ruby-rails < 3.2.13 allow cross-site scripting
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1857
The sanitize helper in
lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the
Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x
before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded
: (colon) characters in URLs, which makes it easier for remote attackers
to conduct cross-site scripting (XSS) attacks via a crafted scheme name,
as demonstrated by including a : sequence.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1855
The sanitize_css method in
lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the
Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x
before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n
(newline) characters, which makes it easier for remote attackers to
conduct cross-site scripting (XSS) attacks via crafted Cascading Style
Sheets (CSS) token sequences.
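Both advisories share the same affected-version ranges, so the practical check for an operator is whether an installed Rails version still falls inside them. The following is an added Ruby example (not code from the Rails project or from this issue); the inventory lines and host names are constructed, and the ranges are taken from the advisory text above.

```ruby
# Affected ranges as stated in the CVE descriptions:
#   before 2.3.18, all 3.0.x, 3.1.x before 3.1.12, 3.2.x before 3.2.13
AFFECTED_RANGES = [
  { below: [2, 3, 18] },                     # any version before 2.3.18
  { series: [3, 0] },                        # every 3.0.x release
  { series: [3, 1], below: [3, 1, 12] },     # 3.1.x before 3.1.12
  { series: [3, 2], below: [3, 2, 13] },     # 3.2.x before 3.2.13 (fix: 3.2.13)
]

# Parse "3.2.12" into [3, 2, 12]; reject anything that is not dotted integers.
def parse_version(str)
  parts = str.to_s.strip.split('.')
  bad = parts.empty? || parts.any? { |p| p !~ /\A\d+\z/ }
  raise ArgumentError, "bad version: #{str.inspect}" if bad
  parts.map(&:to_i)
end

# Component-wise comparison; missing trailing components count as 0,
# so "3.2" compares equal to "3.2.0".
def version_cmp(a, b)
  n = [a.length, b.length].max
  (a + [0] * (n - a.length)) <=> (b + [0] * (n - b.length))
end

# True when the given Rails version is inside one of the affected ranges.
def rails_vulnerable?(version_str)
  v = parse_version(version_str)
  AFFECTED_RANGES.any? do |r|
    in_series = r[:series].nil? || v[0, r[:series].length] == r[:series]
    under_fix = r[:below].nil? || version_cmp(v, r[:below]) < 0
    in_series && under_fix
  end
end

# Constructed sample inventory: "<host> <installed rails version>" per line.
SAMPLE_INVENTORY = <<~INV
  web1 3.2.12
  web2 3.2.13
  api1 3.0.20
  legacy 2.3.18
INV

# Hosts whose recorded version is still affected and need the upgrade.
def hosts_needing_upgrade(inventory = SAMPLE_INVENTORY)
  inventory.each_line.map(&:split)
           .select { |_host, ver| rails_vulnerable?(ver) }
           .map(&:first)
end
```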
(from redmine: issue id 1744, created on 2013-03-29, closed on 2013-04-17)
- Relations:
  - parent #1743 (closed)
- Changesets:
  - Revision 5c028fa1 by Natanael Copa on 2013-04-12T13:54:00Z:
    main/ruby-rails: security upgrade to 3.2.13 (CVE-2013-1855,CVE-2013-1857)
    fixes #1744
  - Revision c90e5c25 by Natanael Copa on 2013-04-12T13:56:05Z:
    main/ruby-rails: security upgrade to 3.2.13 (CVE-2013-1855,CVE-2013-1857)
    fixes #1744