CVE-2012-1098

Priority
Description
Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before
3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers
to inject arbitrary web script or HTML via vectors involving a SafeBuffer
object that is manipulated through certain methods.
Notes
mdeslaurin Oneiric+, rails package is just for transition
Package
Source: rails (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected [contains no code])
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [contains no code])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (contains no code)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
More Information

Updated: 2019-12-05 20:58:49 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)