CVE-2011-2932 (retired)

Priority
Description
Cross-site scripting (XSS) vulnerability in
activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby
on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5
allows remote attackers to inject arbitrary web script or HTML via a
malformed Unicode string, related to a "UTF-8 escaping vulnerability."
Notes
 mdeslaur> in natty and earlier, the affected code is in
 mdeslaur> actionpack/lib/action_view/erb/util.rb
Package
Source: rails (LP Ubuntu Debian)
Upstream: released (2.3.13, 3.0.10)
Patches:
Other: https://github.com/rails/rails/commit/bfc432574d0b141fd7fe759edfe9b6771dd306bd
More Information

Updated: 2019-08-23 08:44:03 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)