Vulnerability Database
289,782
Total vulnerabilities in the database
CVE-2012-1098
Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods.
| Software | From | Fixed in |
|---|---|---|
| rubyonrails / ruby_on_rails | 3.0.4 | 3.0.4.x |
| rubyonrails / rails | 3.0.0-beta | 3.0.0-beta.x |
| rubyonrails / rails | 3.0.0-beta2 | 3.0.0-beta2.x |
| rubyonrails / rails | 3.0.0-beta3 | 3.0.0-beta3.x |
| rubyonrails / rails | 3.0.0-beta4 | 3.0.0-beta4.x |
| rubyonrails / rails | 3.0.0-rc | 3.0.0-rc.x |
| rubyonrails / rails | 3.0.0-rc2 | 3.0.0-rc2.x |
| rubyonrails / rails | 3.0.1-pre | 3.0.1-pre.x |
| rubyonrails / rails | 3.0.2-pre | 3.0.2-pre.x |
| rubyonrails / rails | 3.0.0 | 3.0.0.x |
| rubyonrails / rails | 3.0.10-rc1 | 3.0.10-rc1.x |
| rubyonrails / rails | 3.0.10 | 3.0.10.x |
| rubyonrails / rails | 3.0.12-rc1 | 3.0.12-rc1.x |
| rubyonrails / rails | 3.0.1 | 3.0.1.x |
| rubyonrails / rails | 3.0.2 | 3.0.2.x |
| rubyonrails / rails | 3.0.3 | 3.0.3.x |
| rubyonrails / rails | 3.0.11 | 3.0.11.x |
| rubyonrails / rails | 3.0.4-rc1 | 3.0.4-rc1.x |
| rubyonrails / rails | 3.0.5 | 3.0.5.x |
| rubyonrails / rails | 3.0.5-rc1 | 3.0.5-rc1.x |
| rubyonrails / rails | 3.0.6-rc1 | 3.0.6-rc1.x |
| rubyonrails / rails | 3.0.6-rc2 | 3.0.6-rc2.x |
| rubyonrails / rails | 3.0.6 | 3.0.6.x |
| rubyonrails / rails | 3.0.7-rc1 | 3.0.7-rc1.x |
| rubyonrails / rails | 3.0.7-rc2 | 3.0.7-rc2.x |
| rubyonrails / rails | 3.0.7 | 3.0.7.x |
| rubyonrails / rails | 3.0.8-rc1 | 3.0.8-rc1.x |
| rubyonrails / rails | 3.0.8-rc2 | 3.0.8-rc2.x |
| rubyonrails / rails | 3.0.8-rc3 | 3.0.8-rc3.x |
| rubyonrails / rails | 3.0.8-rc4 | 3.0.8-rc4.x |
| rubyonrails / rails | 3.0.8 | 3.0.8.x |
| rubyonrails / rails | 3.0.9-rc1 | 3.0.9-rc1.x |
| rubyonrails / rails | 3.0.9-rc2 | 3.0.9-rc2.x |
| rubyonrails / rails | 3.0.9-rc3 | 3.0.9-rc3.x |
| rubyonrails / rails | 3.0.9-rc4 | 3.0.9-rc4.x |
| rubyonrails / rails | 3.0.9 | 3.0.9.x |
| rubyonrails / rails | 3.0.9-rc5 | 3.0.9-rc5.x |
| rubyonrails / rails | 3.1.0-beta1 | 3.1.0-beta1.x |
| rubyonrails / rails | 3.1.0-rc1 | 3.1.0-rc1.x |
| rubyonrails / rails | 3.1.0-rc2 | 3.1.0-rc2.x |
| rubyonrails / rails | 3.1.0-rc3 | 3.1.0-rc3.x |
| rubyonrails / rails | 3.1.0-rc4 | 3.1.0-rc4.x |
| rubyonrails / rails | 3.1.0-rc5 | 3.1.0-rc5.x |
| rubyonrails / rails | 3.1.0-rc6 | 3.1.0-rc6.x |
| rubyonrails / rails | 3.1.0-rc7 | 3.1.0-rc7.x |
| rubyonrails / rails | 3.1.0 | 3.1.0.x |
| rubyonrails / rails | 3.1.0-rc8 | 3.1.0-rc8.x |
| rubyonrails / rails | 3.1.1-rc1 | 3.1.1-rc1.x |
| rubyonrails / rails | 3.1.1-rc2 | 3.1.1-rc2.x |
| rubyonrails / rails | 3.1.1 | 3.1.1.x |
| rubyonrails / rails | 3.1.1-rc3 | 3.1.1-rc3.x |
| rubyonrails / rails | 3.1.2-rc1 | 3.1.2-rc1.x |
| rubyonrails / rails | 3.1.2-rc2 | 3.1.2-rc2.x |
| rubyonrails / rails | 3.1.2 | 3.1.2.x |
| rubyonrails / rails | 3.1.4-rc1 | 3.1.4-rc1.x |
| rubyonrails / rails | 3.1.3 | 3.1.3.x |
| rubyonrails / rails | 3.2.0-rc1 | 3.2.0-rc1.x |
| rubyonrails / rails | 3.2.0-rc2 | 3.2.0-rc2.x |
| rubyonrails / rails | 3.2.0 | 3.2.0.x |
| rubyonrails / rails | 3.2.1 | 3.2.1.x |
| rubyonrails / rails | 3.2.2-rc1 | 3.2.2-rc1.x |
activesupport
|
3.0.0 | 3.0.12 |
|
activesupport
|
3.1.0 | 3.1.4 |
|
activesupport
|
3.2.0 | 3.2.2 |
- http://groups.google.com/group/rubyonrails-security/msg/1c2e01a5e42722c9?dmode=source&output=gplain
- http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html
- http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released
- http://www.openwall.com/lists/oss-security/2012/03/02/6
- http://www.openwall.com/lists/oss-security/2012/03/03/1
- https://bugzilla.redhat.com/show_bug.cgi?id=799275