Описание
The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | contains no code |
| bionic | not-affected | contains no code |
| cosmic | not-affected | contains no code |
| devel | not-affected | contains no code |
| esm-apps/bionic | not-affected | contains no code |
| esm-apps/xenial | not-affected | contains no code |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [contains no code]] |
| hardy | ignored | end of life |
| lucid | ignored | end of life |
| oneiric | not-affected | contains no code |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| hardy | DNE | |
| lucid | DNE | |
| oneiric | ignored | end of life |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [3.2.6-5]] |
| hardy | DNE | |
| lucid | DNE | |
| oneiric | DNE | |
| precise | DNE | |
| precise/esm | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| hardy | DNE | |
| lucid | DNE | |
| oneiric | ignored | end of life |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected] |
| hardy | DNE | |
| lucid | DNE | |
| oneiric | DNE | |
| precise | DNE | |
| precise/esm | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| hardy | DNE | |
| lucid | DNE | |
| oneiric | ignored | end of life |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected] |
| hardy | DNE | |
| lucid | DNE | |
| oneiric | DNE | |
| precise | DNE | |
| precise/esm | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| hardy | DNE | |
| lucid | DNE | |
| oneiric | ignored | end of life |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected] |
| hardy | DNE | |
| lucid | DNE | |
| oneiric | DNE | |
| precise | DNE | |
| precise/esm | DNE |
Показывать по
4.3 Medium
CVSS2
Связанные уязвимости
The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences.
The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences.
The sanitize_css method in lib/action_controller/vendor/html-scanner/h ...
4.3 Medium
CVSS2