exploitDog

CVE-2014-0081

Published: 18 Feb 2014
Source: redhat
CVSS2: 4.3

Description

Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.

Report

Red Hat OpenShift Enterprise 1.2 is now in Production 1 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat OpenShift Enterprise Life Cycle: https://access.redhat.com/site/support/policy/updates/openshift.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| OpenShift Enterprise 1 | ruby193-rubygem-actionpack | Will not fix | | |
| Red Hat OpenStack Platform 3 | ruby193-rubygem-actionpack | Affected | | |
| Red Hat OpenStack Platform 4 | ruby193-rubygem-actionpack | Affected | | |
| Red Hat Satellite 6 | ruby193-rubygem-actionpack | Affected | | |
| Red Hat Software Collections | ror40-rubygem-actionpack | Affected | | |
| Red Hat Subscription Asset Manager | ruby193-rubygem-actionpack | Will not fix | | |
| CloudForms Management Engine 5.x | cfme | Fixed | RHSA-2014:0215 | 11.03.2014 |
| CloudForms Management Engine 5.x | ruby193-ruby | Fixed | RHSA-2014:0215 | 11.03.2014 |
| CloudForms Management Engine 5.x | ruby193-rubygem-actionpack | Fixed | RHSA-2014:0215 | 11.03.2014 |
| CloudForms Management Engine 5.x | ruby193-rubygem-amq-protocol | Fixed | RHSA-2014:0215 | 11.03.2014 |

Additional information

Status: Moderate
Defect: CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=1065520 - rubygem-actionpack: number_to_currency, number_to_percentage and number_to_human XSS vulnerability

4.3 Medium

CVSS2

Related vulnerabilities

ubuntu
almost 12 years ago

Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.

nvd
almost 12 years ago

Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.

debian
almost 12 years ago

Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/ ...

github
more than 8 years ago

Rails vulnerable to Cross-site Scripting

4.3 Medium

CVSS2