Description
Cross-site scripting (XSS) vulnerability in
actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x
before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote
attackers to inject arbitrary web script or HTML via the prompt field to
the select_tag helper.
Notes
tyhicks> 2.3.x is not affected
Package
| Upstream: | not-affected
|
| Ubuntu 12.04 ESM (Precise Pangolin): | DNE
(precise was not-affected)
|
| Ubuntu 14.04 LTS (Trusty Tahr): | DNE
|
| Ubuntu 16.04 LTS (Xenial Xerus): | DNE
|
| Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
| Ubuntu 18.10 (Cosmic Cuttlefish): | DNE
|
| Ubuntu 19.04 (Disco Dingo): | DNE
|
Package
| Upstream: | needed
|
| Ubuntu 12.04 ESM (Precise Pangolin): | DNE
|
| Ubuntu 14.04 LTS (Trusty Tahr): | needed
|
| Ubuntu 16.04 LTS (Xenial Xerus): | DNE
|
| Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
| Ubuntu 18.10 (Cosmic Cuttlefish): | DNE
|
| Ubuntu 19.04 (Disco Dingo): | DNE
|
Package
| Upstream: | not-affected
|
| Ubuntu 12.04 ESM (Precise Pangolin): | DNE
(precise was not-affected)
|
| Ubuntu 14.04 LTS (Trusty Tahr): | DNE
|
| Ubuntu 16.04 LTS (Xenial Xerus): | DNE
|
| Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
| Ubuntu 18.10 (Cosmic Cuttlefish): | DNE
|
| Ubuntu 19.04 (Disco Dingo): | DNE
|
Package
| Upstream: | not-affected
|
| Ubuntu 12.04 ESM (Precise Pangolin): | DNE
|
| Ubuntu 14.04 LTS (Trusty Tahr): | not-affected
(code not present)
|
| Ubuntu 16.04 LTS (Xenial Xerus): | DNE
|
| Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
| Ubuntu 18.10 (Cosmic Cuttlefish): | DNE
|
| Ubuntu 19.04 (Disco Dingo): | DNE
|
Updated: 2019-01-14 21:14:39 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)