CVE-2015-3226 in Ruby on Rails信息

摘要 (英语)

Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding.

预定

2015-04-10

披露

2015-07-26

条目

VulDB provides additional information and datapoints for this CVE:

标识符	漏洞	CWE	可利用	对策	CVE
76814	Ruby on Rails JSON Encoding encoding.rb 跨网站脚本	79	未定义	官方修复	CVE-2015-3226

描述

CPE

CWE

CVSS

漏洞利用

历史

差异

连接

威胁情报

API JSON

API XML

API CSV

◂ 上一步一览下一步 ▸

Do you need the next level of professionalism?

Upgrade your account now!