CVE-2012-3464

Опубликовано: 10 авг. 2012

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:rubyonrails:rails:0.9.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:0.9.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:0.9.3:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:0.9.4:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:0.9.4.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:0.10.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:0.10.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:0.11.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:0.11.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:0.12.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:0.12.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:0.13.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:0.13.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:0.14.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:0.14.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:0.14.3:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:0.14.4:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:1.1.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:1.1.4:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:1.1.5:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:1.1.6:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:1.2.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:1.2.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:1.2.3:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:1.2.4:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:1.2.5:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:1.2.6:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:1.9.5:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.0.0:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.0.0:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.1.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.1.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.2.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.2.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.3.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.3.3:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.3.4:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.3.9:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.3.10:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.3.11:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:2.3.12:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:ruby_on_rails:*:*:*:*:*:*:*:*

Версия до 3.0.16 (включая)

cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*

cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*

EPSS

Процентиль: 56%

0.00333

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2012-3464

ubuntu

больше 13 лет назад

CVE-2012-3464

redhat

больше 13 лет назад

CVE-2012-3464

debian

больше 13 лет назад

Cross-site scripting (XSS) vulnerability in activesupport/lib/active_s ...

GHSA-h835-75hw-pj89

github

больше 8 лет назад

activesupport Cross-site Scripting vulnerability

EPSS

Процентиль: 56%

0.00333

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79