Cross site scripting in rails/actionpack < 3.0.6
Published: April 22, 2022
SECURITY IDENTIFIERS
- CVE: CVE-2011-1497 (NVD)
- GHSA: GHSA-q58j-fmvf-9rq6
- Vendor Advisory: https://github.com/rails/rails/blob/38df020c95beca7e12f0188cb7e18f3c37789e20/actionpack/CHANGELOG
GEM
FRAMEWORK
SEVERITY
PATCHED VERSIONS
>= 3.0.6
DESCRIPTION
A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6.