CVE-2011-2197 in Ruby on Railsinformação

Sumário (Inglês)

The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a problematic string method, as demonstrated by the sub method.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservar

31/05/2011

Divulgação

30/06/2011

Estado

Confirmado

Inscrições

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerabilidade	CWE	Exp	Con	CVE
57808	Ruby on Rails Script de Site Cruzado	79	Não definido	Correção oficial	CVE-2011-2197

Descrição

CPE

CWE

CVSS

Explorações

História

Diferença

Relacionar

Inteligência de ameaças

API JSON

API XML

API CSV

Fontes

MITRE
NVD
CVE Details

◂ VoltarVisão GeralPróximo ▸

Might our Artificial Intelligence support you?

Check our Alexa App!