Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2013-1857

Опубликовано: 19 мар. 2013
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.3

Описание

The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a : sequence.

РелизСтатусПримечание
artful

not-affected

contains no code
bionic

not-affected

contains no code
cosmic

not-affected

contains no code
devel

not-affected

contains no code
esm-apps/bionic

not-affected

contains no code
esm-apps/xenial

not-affected

contains no code
esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was not-affected [contains no code]]
hardy

ignored

end of life
lucid

ignored

end of life
oneiric

not-affected

contains no code

Показывать по

РелизСтатусПримечание
artful

DNE

bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

hardy

DNE

lucid

DNE

oneiric

ignored

end of life
precise

ignored

end of life
precise/esm

DNE

precise was needs-triage

Показывать по

РелизСтатусПримечание
artful

DNE

bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was released [3.2.6-6]]
hardy

DNE

lucid

DNE

oneiric

DNE

precise

DNE

precise/esm

DNE

Показывать по

РелизСтатусПримечание
artful

DNE

bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

hardy

DNE

lucid

DNE

oneiric

ignored

end of life
precise

ignored

end of life
precise/esm

DNE

precise was needs-triage

Показывать по

РелизСтатусПримечание
artful

DNE

bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was not-affected]
hardy

DNE

lucid

DNE

oneiric

DNE

precise

DNE

precise/esm

DNE

Показывать по

РелизСтатусПримечание
artful

DNE

bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

hardy

DNE

lucid

DNE

oneiric

ignored

end of life
precise

ignored

end of life
precise/esm

DNE

precise was needs-triage

Показывать по

РелизСтатусПримечание
artful

DNE

bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was not-affected]
hardy

DNE

lucid

DNE

oneiric

DNE

precise

DNE

precise/esm

DNE

Показывать по

РелизСтатусПримечание
artful

DNE

bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

hardy

DNE

lucid

DNE

oneiric

ignored

end of life
precise

ignored

end of life
precise/esm

DNE

precise was needs-triage

Показывать по

РелизСтатусПримечание
artful

DNE

bionic

DNE

cosmic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was not-affected]
hardy

DNE

lucid

DNE

oneiric

DNE

precise

DNE

precise/esm

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 70%
0.00625
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

redhat логотип

CVE-2013-1857

redhat
почти 13 лет назад

The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a : sequence.

nvd логотип

CVE-2013-1857

nvd
почти 13 лет назад

The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a : sequence.

debian логотип

CVE-2013-1857

debian
почти 13 лет назад

The sanitize helper in lib/action_controller/vendor/html-scanner/html/ ...

github логотип

GHSA-j838-vfpq-fmf2

github
больше 8 лет назад

actionpack Cross-site Scripting vulnerability

EPSS

Процентиль: 70%
0.00625
Низкий

4.3 Medium

CVSS2