CVE-2015-3226

Опубликовано: 26 июл. 2015

Источник: ubuntu

Приоритет: medium

CVSS2: 4.3

Описание

Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding.

Релиз	Статус	Примечание
artful	not-affected	2:4.2.5-1
bionic	not-affected	2:4.2.5-1
cosmic	not-affected	2:4.2.5-1
devel	not-affected	2:4.2.5-1
disco	not-affected	2:4.2.5-1
esm-apps/bionic	not-affected	2:4.2.5-1
esm-apps/xenial	not-affected	2:4.2.5-1
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was not-affected [contains no code]]
precise	not-affected	contains no code
precise/esm	DNE	precise was not-affected [contains no code]

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
disco	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was not-affected]
precise	DNE
precise/esm	DNE
trusty	not-affected
trusty/esm	DNE	trusty was not-affected

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
disco	DNE
esm-infra-legacy/trusty	DNE
precise	ignored	end of life
precise/esm	DNE	precise was needs-triage
trusty	DNE
trusty/esm	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
disco	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was not-affected [code not present]]
precise	DNE
precise/esm	DNE
trusty	not-affected	code not present
trusty/esm	DNE	trusty was not-affected [code not present]

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
disco	DNE
esm-infra-legacy/trusty	DNE
precise	ignored	end of life
precise/esm	DNE	precise was needs-triage
trusty	DNE
trusty/esm	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
disco	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was not-affected [code not present]]
precise	DNE
precise/esm	DNE
trusty	not-affected	code not present
trusty/esm	DNE	trusty was not-affected [code not present]

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
disco	DNE
esm-infra-legacy/trusty	DNE
precise	ignored	end of life
precise/esm	DNE	precise was needs-triage
trusty	DNE
trusty/esm	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
disco	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was needed]
precise	DNE
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE	trusty was needed

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
disco	DNE
esm-infra-legacy/trusty	DNE
precise	ignored	end of life
precise/esm	DNE	precise was needs-triage
trusty	DNE
trusty/esm	DNE

Показывать по

Релиз	Статус	Примечание
artful	DNE
bionic	DNE
cosmic	DNE
devel	DNE
disco	DNE
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was not-affected [code not present]]
precise	DNE
precise/esm	DNE
trusty	not-affected	code not present
trusty/esm	DNE	trusty was not-affected [code not present]

Показывать по

Ссылки на источники

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2015-3226

redhat

больше 10 лет назад

CVE-2015-3226

nvd

больше 10 лет назад

CVE-2015-3226

debian

больше 10 лет назад

Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active ...

GHSA-vxvp-4xwc-jpp6

github

больше 8 лет назад

activesupport Cross-site Scripting vulnerability

4.3 Medium

CVSS2

CVE-2015-3226

Описание

Пакет rails

Пакет rails-4.0

Пакет ruby-actionpack-2.3

Пакет ruby-actionpack-3.2

Пакет ruby-activerecord-2.3

Пакет ruby-activerecord-3.2

Пакет ruby-activesupport-2.3

Пакет ruby-activesupport-3.2

Пакет ruby-rails-2.3

Пакет ruby-rails-3.2

Ссылки на источники

Связанные уязвимости