RubySec

Providing security resources for the Ruby community

CVE-2013-4491 (actionpack): Reflective XSS Vulnerability in Ruby on Rails

ADVISORIES

GEM

actionpack

FRAMEWORK

rails

SEVERITY

CVSS v2: 4.3 (Medium)

PATCHED VERSIONS

  • ~> 3.2.16
  • >= 4.0.2

DESCRIPTION

There is a vulnerability in the internationalization component of Ruby on Rails. Under certain common configurations an attacker can provide specially crafted input which will execute a reflective XSS attack.

The root cause of this issue is a vulnerability in the i18n gem which has been assigned the identifier CVE-2013-4492.