RubySec

Providing security resources for the Ruby community

CVE-2013-1855 (actionpack): XSS vulnerability in sanitize_css in Action Pack

GEM

actionpack

FRAMEWORK

rails

SEVERITY

CVSS v2: 4.3

PATCHED VERSIONS

  • ~> 2.3.18
  • ~> 3.1.12
  • >= 3.2.13

DESCRIPTION

There is an XSS vulnerability in the sanitize_css method in Action Pack. Carefully crafted text can bypass the sanitization provided in the sanitize_css method in Action Pack.
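The patched-version list above uses RubyGems requirement syntax, where `~> 2.3.18` means "2.3.18 or any later 2.3.x release" and `>= 3.2.13` means any release from 3.2.13 onward. The following Ruby snippet is an added example, not code from RubySec or from Rails: it evaluates an actionpack version against those constraints with RubyGems' own `Gem::Requirement` semantics, and scans a `Gemfile.lock` for an unpatched actionpack entry. The lockfile text is constructed here for illustration, and the `Gemfile.lock` line layout it parses (four-space indented `name (version)` lines under `specs:`) is the usual Bundler format, assumed rather than taken from this advisory.

```ruby
# Added example (not part of the RubySec advisory): decide whether an
# actionpack version carries the CVE-2013-1855 fix, using the advisory's
# patched-version constraints under RubyGems' requirement semantics.
require "rubygems"

# Patched versions exactly as listed in the advisory.
PATCHED_VERSIONS = ["~> 2.3.18", "~> 3.1.12", ">= 3.2.13"].freeze

# True when +version+ satisfies at least one patched-version requirement,
# i.e. the release includes the fix. Versions below every constraint
# (for example 3.2.12, or the whole 3.0.x line) return false.
def patched?(version, requirements = PATCHED_VERSIONS)
  v = Gem::Version.new(version)
  requirements.any? { |req| Gem::Requirement.new(req).satisfied_by?(v) }
end

# Scan Gemfile.lock text for the resolved actionpack entry and report it
# when it is unpatched. Assumes Bundler's lock layout: resolved gems sit
# under "specs:" as "    actionpack (3.2.12)" (exactly four spaces), while
# deeper-indented lines are dependency declarations and are skipped.
def vulnerable_actionpack_in_lock(lockfile_text)
  lockfile_text.each_line.map do |line|
    m = line.match(/^ {4}actionpack \(([^)]+)\)/)
    next unless m
    ["actionpack", m[1]] unless patched?(m[1])
  end.compact
end

# Constructed sample lockfile pinning an unpatched actionpack release.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (3.2.12)
        activemodel (= 3.2.12)
      rails (3.2.12)
        actionpack (= 3.2.12)
LOCK

if $PROGRAM_NAME == __FILE__
  vulnerable_actionpack_in_lock(SAMPLE_LOCK).each do |name, ver|
    puts "#{name} #{ver} is affected by CVE-2013-1855; upgrade to a patched version"
  end
end
```

Run it against a real `Gemfile.lock` by replacing `SAMPLE_LOCK` with `File.read("Gemfile.lock")`; the same `patched?` check works for any advisory whose patched versions are expressed as RubyGems requirements, which is the general case on RubySec pages.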