
Debian 10: 2019-0775 Significant XSS Vulnerability in Ruby-Sinatra

Fedora
September 25, 2009
A crucial update has been released to fix a serious HTML injection vulnerability in Ruby on Rails for Fedora users. Download and install the new packages now.
A vulnerability was found in the Ruby on Rails escaping code for the form helpers, which also affects the RPMs shipped by the Fedora Project.

Summary

Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser.

Update Information:

A vulnerability was found in the Ruby on Rails escaping code for the form helpers, which also affects the RPMs shipped by the Fedora Project. Attackers who can inject deliberately malformed Unicode strings into the form helpers can defeat the escaping checks and inject arbitrary HTML. This issue has been assigned CVE-2009-3009. These new RPMs fix the issue.
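The update information above attributes the bug to malformed Unicode reaching the escaping code. As an added illustration (not the Rails patch and not code from this advisory), the following Ruby example validates UTF-8 before HTML-escaping a form value and lists the fields that fail validation. The function names, the on_invalid option and the sample parameters are assumptions made for the example, and it assumes Ruby 2.1 or later.

```ruby
require 'erb'

# Hypothetical error type for this example.
class MalformedInputError < ArgumentError; end

# Interpret raw request bytes as UTF-8 without transcoding them.
def as_utf8(raw)
  raw.to_s.dup.force_encoding(Encoding::UTF_8)
end

# Validate the encoding first, then escape. Escaping code that assumes
# well-formed input should never see a malformed byte sequence.
#   on_invalid: :reject raises; :scrub replaces bad bytes with U+FFFD.
def safe_field_value(raw, on_invalid: :reject)
  text = as_utf8(raw)
  unless text.valid_encoding?
    if on_invalid == :reject
      raise MalformedInputError, 'malformed UTF-8 in form value'
    end
    text = text.scrub
  end
  ERB::Util.html_escape(text)
end

# Detection helper: names of submitted fields whose bytes are not valid
# UTF-8, suitable for logging before the request is rejected.
def malformed_fields(params)
  params.reject { |_, value| as_utf8(value).valid_encoding? }.keys
end

# Constructed sample input: 'title' begins with a stray 0xC0 byte.
SAMPLE_PARAMS = {
  'name'  => "caf\u00E9",
  'title' => "\xC0<b>hi</b>",
  'note'  => 'a "quoted" <tag>'
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts "malformed fields: #{malformed_fields(SAMPLE_PARAMS).inspect}"
  SAMPLE_PARAMS.each do |field, value|
    puts "#{field}: #{safe_field_value(value, on_invalid: :scrub)}"
  end
end
```

Rejecting the request is the stricter choice; scrubbing keeps the page rendering but should still be logged.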

Change Log

* Wed Sep 23 2009 Mamoru Tasaka - 2.3.3-2
- Patch for CVE-2009-3009 (bug 520843)
* Tue Jul 28 2009 Jeroen van Meeuwen - 2.3.3-1
- New upstream version

References


[ 1 ] Bug #520843 - CVE-2009-3009 ruby-activesupport: XSS vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=520843

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update rubygem-actionpack' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical

Name: rubygem-actionpack
Product: Fedora 11
Version: 2.3.3
Release: 2.fc11
Summary: Web-flow and rendering framework putting the VC in MVC
