RubySec

Providing security resources for the Ruby community

CVE-2011-1497 (actionpack): Cross site scripting in rails/actionpack < 3.0.6

ADVISORIES

GEM

actionpack

FRAMEWORK

Ruby on Rails

SEVERITY

CVSS v3.x: 6.1 (Medium)

CVSS v2.0: 4.3 (Medium)

PATCHED VERSIONS

  • >= 3.0.6

DESCRIPTION

A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6.

RELATED

Contact us @rubysec or open an issue on our GitHub repository.

Recent Advisories