Multiple vulnerabilities in ruby-rails < 2.3.18 allow cross-site scripting
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1857
The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including an encoded colon sequence.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1855
The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences.
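Both weaknesses come down to validating a value before it is fully decoded or normalised. The following Ruby example is added here and is not the Rails sanitizer's own code: `href_allowed?` decodes entities and percent-encoding before extracting the scheme (the CVE-2013-1857 class), and `css_value_allowed?` contrasts Ruby's line anchors `^`/`$` with the string anchors `\A`/`\z` (the CVE-2013-1855 class). The allowlist, regexes and helper names are constructed for illustration.

```ruby
require 'set'

# Constructed allowlist for the example; the real sanitizer has its own.
ALLOWED_PROTOCOLS = Set.new(%w[http https mailto ftp]).freeze

# Decode numeric HTML entities (with or without the trailing ';' that
# browsers tolerate) and percent-encoding until the string stops changing,
# so an encoded ':' in a scheme is seen as ':' by the check.
def decode_fully(value, max_rounds = 3)
  decoded = value.dup
  max_rounds.times do
    prev = decoded
    decoded = decoded.gsub(/&#x([0-9a-f]+);?/i) { n = $1.hex; n < 0x110000 ? [n].pack('U') : '' }
    decoded = decoded.gsub(/&#(\d+);?/) { n = $1.to_i; n < 0x110000 ? [n].pack('U') : '' }
    decoded = decoded.gsub(/%([0-9a-f]{2})/i) { $1.hex.chr(Encoding::UTF_8) }
    break if decoded == prev
  end
  decoded
end

# Weak check: only a literal scheme before a literal ':' is inspected, so an
# encoded colon yields no scheme at all and the value is allowed through.
def naive_href_allowed?(value)
  return true unless value =~ /\A([^\/:]+):/
  ALLOWED_PROTOCOLS.include?($1.downcase)
end

# Hardened check: decode first, then strip whitespace and control characters
# before extracting the scheme and comparing it against the allowlist.
def href_allowed?(value)
  decoded = decode_fully(value).gsub(/[[:space:][:cntrl:]]/, '')
  return true unless decoded =~ /\A([^\/:]+):/
  ALLOWED_PROTOCOLS.include?($1.downcase)
end

# In Ruby, ^ and $ match at line boundaries, so a CSS value containing "\n"
# satisfies a per-declaration regex on its first line alone; \A and \z
# anchor the whole string and reject the multi-line value.
CSS_VALUE_LINE_ANCHORED   = /^(#[0-9a-f]+|[a-z]+|\d+(px|em|%)?)$/i
CSS_VALUE_STRING_ANCHORED = /\A(#[0-9a-f]+|[a-z]+|\d+(px|em|%)?)\z/i

def css_value_allowed?(value, anchors: :string)
  re = anchors == :string ? CSS_VALUE_STRING_ANCHORED : CSS_VALUE_LINE_ANCHORED
  !(value =~ re).nil?
end
```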
(from redmine: issue id 1745, created on 2013-03-29, closed on 2013-04-17)
- Relations:
  - parent #1743 (closed)
- Changesets:
  - Revision 071aa398 by Natanael Copa on 2013-04-12T13:55:26Z:
    main/ruby-rails: security upgrade to 2.3.18 (CVE-2013-1855,CVE-2013-1857)
    fixes #1745