Cross-Site Scripting in rubygem-actionpack
ID: FEDORA-2012-0643
Distribution: Fedora
Platforms: Fedora 16
Date: Thu, 26 January 2012, 08:37
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4319
Applications: Action Pack

Original message
Name        : rubygem-actionpack
Product     : Fedora 16
Version     : 3.0.10
Release     : 2.fc16
URL         : http://www.rubyonrails.org
Summary     : Web-flow and rendering framework putting the VC in MVC
Description :
Eases web-request routing, handling, and response as a half-way front,
half-way page controller. Implemented with specific emphasis on enabling easy
unit/integration testing that doesn't require a browser.

--------------------------------------------------------------------------------
Update Information:

A cross-site scripting (XSS) flaw was found in the way the 'translate' helper
method of the Ruby on Rails performed HTML escaping of interpolated user input,
when interpolation in combination with HTML-safe translations were used. This
release fixes the bug.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 17 2012 Bohuslav Kabrda
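
The flaw class described under "Update Information", as an added example that is not code from the advisory or from Rails: a stand-alone Ruby model of a translate helper in which an HTML-safe translation is interpolated with user input, first without and then with escaping of the interpolated values. The locale data, the function names and the `render` stand-in for a view are assumptions made for illustration; the `_html` key suffix is the Rails convention for HTML-safe translations.

```ruby
require "cgi"

# Constructed sample locale data. A key ending in "_html" (Rails convention)
# marks the translation as HTML-safe, so the view will not escape the result.
TRANSLATIONS = {
  "welcome_html" => "<b>Welcome, %{name}!</b>",
  "welcome"      => "Welcome, %{name}!"
}.freeze

def html_safe_key?(key)
  key == "html" || key.end_with?("_html")
end

# Flawed model: interpolated values go into the HTML-safe translation
# unescaped, and the whole string is then trusted as markup.
def translate_flawed(key, values = {})
  { text: format(TRANSLATIONS.fetch(key), values),
    html_safe: html_safe_key?(key) }
end

# Corrected model: for HTML-safe keys, escape every interpolated value
# before it is merged into the trusted translation string.
def translate_fixed(key, values = {})
  safe = html_safe_key?(key)
  values = values.transform_values { |v| CGI.escapeHTML(v.to_s) } if safe
  { text: format(TRANSLATIONS.fetch(key), values), html_safe: safe }
end

# Hypothetical stand-in for the view layer: strings flagged HTML-safe are
# emitted as-is, everything else is escaped on output.
def render(result)
  result[:html_safe] ? result[:text] : CGI.escapeHTML(result[:text])
end

if __FILE__ == $PROGRAM_NAME
  user_input = "<script>alert(1)</script>" # constructed test value
  puts render(translate_flawed("welcome_html", name: user_input))
  puts render(translate_fixed("welcome_html", name: user_input))
  # Plain keys are escaped once at output time, so no double escaping occurs.
  puts render(translate_fixed("welcome", name: user_input))
end
```

A regression test for an application can follow the same shape: render a view that uses an `_html` key with markup in the interpolated value and assert that the markup arrives escaped.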