CVE-2012-1099 (retired)

Priority
Description
Cross-site scripting (XSS) vulnerability in
actionpack/lib/action_view/helpers/form_options_helper.rb in the select
helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x
before 3.2.2 allows remote attackers to inject arbitrary web script or HTML
via vectors involving certain generation of OPTION elements within SELECT
elements.
Notes
 mdeslaur> in Oneiric+, rails package is just for transition
Package
Source: rails (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected [contains no code])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (contains no code)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
More Information

Updated: 2019-08-23 08:48:20 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)