Date: Fri, 18 Nov 2011 09:36:47 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request -- Ruby on Rails / rubygem-actionpack
 -- XSS in the 'translate' helper method

On 11/18/2011 07:52 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
>
>   a cross-site scripting (XSS) flaw was found in the way the
> 'translate' helper method of Ruby on Rails performed HTML
> escaping of interpolated user input, when interpolation in
> combination with HTML-safe translations was used. A remote
> attacker could use this flaw to execute arbitrary HTML or web
> script by providing a specially-crafted input to a Ruby on Rails
> application, using the ActionPack module and its 'translate'
> helper method without explicit (application-specific) sanitization
> of user-provided input.
>
> References:
> [1] http://weblog.rubyonrails.org/2011/11/18/rails-3-1-2-has-been-released
> [2] http://weblog.rubyonrails.org/2011/11/18/rails-3-0-11-has-been-released
> [3] https://secunia.com/advisories/46877/
> [4] https://bugs.gentoo.org/show_bug.cgi?id=390915
> [5] https://bugzilla.redhat.com/show_bug.cgi?id=755004
>
> Relevant upstream patches:
> [6] http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5
>
> Could you allocate a CVE id for this?
>
> Thank you && Regards, Jan.
> -- 
> Jan iankko Lieskovsky / Red Hat Security Response Team

Please use CVE-2011-4319 for this issue.

-- 

-Kurt Seifried / Red Hat Security Response Team
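
Added example, not part of the original thread and not Rails' own code: a plain-Ruby model of the flaw class described in the request, where values interpolated into an HTML-safe translation are not escaped, next to a version that escapes each value first. The translation table, the function names and the `_html` key check are assumptions made for illustration (the key check follows the Rails convention for marking a translation HTML-safe).

```ruby
require "erb"

# Constructed translation table. A key ending in "_html" is treated as
# trusted markup and is rendered without escaping (assumed convention).
TRANSLATIONS = {
  "greeting_html" => "<b>Welcome, %{name}!</b>",
  "greeting"      => "Welcome, %{name}!"
}.freeze

# Hypothetical helper: is this translation key marked HTML-safe?
def html_key?(key)
  key.end_with?("_html", ".html") || key == "html"
end

# Models the reported behaviour: user-supplied values are interpolated raw,
# and the result is trusted as a whole because the key is HTML-safe.
def translate_unsafe(key, values = {})
  text = TRANSLATIONS.fetch(key) % values
  html_key?(key) ? text : ERB::Util.html_escape(text)
end

# Hardened form: every interpolated value is escaped before it is merged
# into the trusted markup, so only the translator's own HTML stays live.
def translate_escaped(key, values = {})
  template = TRANSLATIONS.fetch(key)
  return ERB::Util.html_escape(template % values) unless html_key?(key)

  escaped = values.transform_values { |v| ERB::Util.html_escape(v.to_s) }
  template % escaped
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input standing in for a request parameter.
  user_input = "<script>alert(1)</script>"
  puts translate_unsafe("greeting_html", name: user_input)
  puts translate_escaped("greeting_html", name: user_input)
  puts translate_escaped("greeting", name: user_input)
end
```

Until a fixed release is deployed, the same effect is obtained by escaping user-provided values at every call site that passes them to an HTML-safe translation.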
