Date: Fri, 18 Nov 2011 09:36:47 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request -- Ruby on Rails / rubygem-actionpack -- XSS in the 'translate' helper method

On 11/18/2011 07:52 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
>
> a cross-site scripting (XSS) flaw was found in the way the
> 'translate' helper method of the Ruby on Rails performed HTML
> escaping of interpolated user input, when interpolation in
> combination with HTML-safe translations were used. A remote
> attacker could use this flaw to execute arbitrary HTML or web
> script by providing a specially-crafted input to Ruby on Rails
> application, using the ActionPack module and its 'translate'
> helper method without explicit (application specific) sanitization
> of user provided input.
>
> References:
> http://weblog.rubyonrails.org/2011/11/18/rails-3-1-2-has-been-released
> http://weblog.rubyonrails.org/2011/11/18/rails-3-0-11-has-been-released
> https://secunia.com/advisories/46877/
> https://bugs.gentoo.org/show_bug.cgi?id=390915
> https://bugzilla.redhat.com/show_bug.cgi?id=755004
>
> Relevant upstream patches:
> http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5
>
> Could you allocate a CVE id for this?
>
> Thank you && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team

Please use CVE-2011-4319 for this issue.

--
-Kurt Seifried / Red Hat Security Response Team
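The class of flaw described in the quoted report, as an added example that is not part of the thread and is not Rails code: a simplified stand-alone model of a translation helper, with the unescaped interpolation beside a hardened form. The translation table, the function names and the sample input are assumptions constructed for illustration; the "_html" key suffix stands in for an HTML-safe translation.

```ruby
require "erb"

# Constructed translation table (hypothetical keys). A key ending in "_html"
# marks a translation whose markup the application trusts as HTML-safe.
TRANSLATIONS = {
  "welcome_html" => "<b>Welcome, %{name}!</b>",
  "welcome"      => "Welcome, %{name}!"
}.freeze

def html_safe_key?(key)
  key.end_with?("_html")
end

# Replace each %{placeholder} with the matching value, inserted literally.
def interpolate(template, values)
  template.gsub(/%\{(\w+)\}/) { values.fetch(Regexp.last_match(1).to_sym).to_s }
end

# Weak form: the whole result of an HTML-safe translation is trusted, so
# interpolated user input reaches the page without escaping.
def translate_unescaped(key, values = {})
  text = interpolate(TRANSLATIONS.fetch(key), values)
  html_safe_key?(key) ? text : ERB::Util.html_escape(text)
end

# Hardened form: escape every interpolated value first, so only the
# translation's own markup stays live in an HTML-safe translation.
def translate_escaped(key, values = {})
  if html_safe_key?(key)
    safe = values.transform_values { |v| ERB::Util.html_escape(v.to_s) }
    interpolate(TRANSLATIONS.fetch(key), safe)
  else
    ERB::Util.html_escape(interpolate(TRANSLATIONS.fetch(key), values))
  end
end

if __FILE__ == $PROGRAM_NAME
  input = "<script>alert(1)</script>" # constructed sample input
  puts translate_unescaped("welcome_html", name: input)
  puts translate_escaped("welcome_html", name: input)
end
```

Plain (non-HTML-safe) keys are escaped as a whole in both forms; the difference appears only when interpolation is combined with an HTML-safe translation, which is the combination the report names.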