CVE-2012-1099

Priority
Description
Cross-site scripting (XSS) vulnerability in
actionpack/lib/action_view/helpers/form_options_helper.rb in the select
helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x
before 3.2.2 allows remote attackers to inject arbitrary web script or HTML
via vectors involving certain generation of OPTION elements within SELECT
elements.
Notes
mdeslaurin Oneiric+, rails package is just for transition
Package
Source: rails (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected [contains no code])
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [contains no code])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (contains no code)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
More Information

Updated: 2020-01-29 19:43:31 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)