CVE-2012-3464

Common Vulnerabilities and Exposures

Upstream information

CVE-2012-3464 at MITRE

Description

Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character.

NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Novell/SUSE information

Novell Bugzilla entry: 775653

SUSE Security Advisories:

List of released packages

Product(s) | Fixed package version(s) | References

SUSE Studio Extension for System z 1.2
SUSE Studio Onsite 1.2 [Appliance - Studio]
SUSE Studio Standard Edition 1.2
WebYaST 1.2
  • rubygem-activesupport-2_3 >= 2.3.14-0.7.8.1
Builds
SAT Patch Nr: 7027

SUSE Studio Extension for System z 1.2
SUSE Studio Onsite 1.2 [Appliance - Studio]
SUSE Studio Standard Edition 1.2
WebYaST 1.2
  • rubygem-actionpack-2_3 >= 2.3.14-0.7.10.1
Builds
SAT Patch Nr: 7031

SUSE Linux Enterprise High Availability Extension 11 SP2
  • hawk >= 0.5.2-0.38.16
  • hawk-templates >= 0.5.2-0.38.16
Builds
SAT Patch Nr: 7078

SUSE Cloud 1.0
SUSE Linux Enterprise Software Development Kit 11 SP2
  • rubygem-actionpack-2_3 >= 2.3.14-0.14.1
Builds
SAT Patch Nr: 7030

SUSE Cloud 1.0
SUSE Linux Enterprise Software Development Kit 11 SP2
  • rubygem-activesupport-2_3 >= 2.3.14-0.12.1
Builds
SAT Patch Nr: 7026

© 2014 Novell