Description
Cross-site scripting (XSS) vulnerability in
actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x
before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote
attackers to inject arbitrary web script or HTML via the prompt field to
the select_tag helper.
Notes
tyhicks | 2.3.x is not affected |
Package
Upstream: | not-affected
|
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
(precise was not-affected)
|
Ubuntu 14.04 ESM (Trusty Tahr): | DNE
|
Ubuntu 16.04 LTS (Xenial Xerus): | DNE
|
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
Ubuntu 19.04 (Disco Dingo): | DNE
|
Ubuntu 19.10 (Eoan Ermine): | DNE
|
Package
Upstream: | needed
|
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
|
Ubuntu 14.04 ESM (Trusty Tahr): | DNE
(trusty was needed)
|
Ubuntu 16.04 LTS (Xenial Xerus): | DNE
|
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
Ubuntu 19.04 (Disco Dingo): | DNE
|
Ubuntu 19.10 (Eoan Ermine): | DNE
|
Package
Upstream: | not-affected
|
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
(precise was not-affected)
|
Ubuntu 14.04 ESM (Trusty Tahr): | DNE
|
Ubuntu 16.04 LTS (Xenial Xerus): | DNE
|
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
Ubuntu 19.04 (Disco Dingo): | DNE
|
Ubuntu 19.10 (Eoan Ermine): | DNE
|
Package
Upstream: | not-affected
|
Ubuntu 12.04 ESM (Precise Pangolin): | DNE
|
Ubuntu 14.04 ESM (Trusty Tahr): | DNE
(trusty was not-affected [code not present])
|
Ubuntu 16.04 LTS (Xenial Xerus): | DNE
|
Ubuntu 18.04 LTS (Bionic Beaver): | DNE
|
Ubuntu 19.04 (Disco Dingo): | DNE
|
Ubuntu 19.10 (Eoan Ermine): | DNE
|
Updated: 2019-12-05 20:59:40 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)