Lookup for vulnerable packages by Package URL.
| Purl | pkg:gem/actionpack@3.0.17 |
|---|
| Type | gem |
|---|
| Namespace | |
|---|
| Name | actionpack |
|---|
| Version | 3.0.17 |
|---|
| Qualifiers |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | false |
|---|
| Next_non_vulnerable_version | 3.0.19 |
|---|
| Latest_non_vulnerable_version | 7.1.3.1 |
|---|
| Affected_by_vulnerabilities |
|
|---|
| Fixing_vulnerabilities |
| 0 |
| url |
VCID-7m31-x66p-3bha |
| vulnerability_id |
VCID-7m31-x66p-3bha |
| summary |
actionpack Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in `actionpack/lib/action_view/helpers/sanitize_helper.rb` in the `strip_tags` helper in Ruby on Rails before 2.3.16, 3.0.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2012-3465, GHSA-7g65-ghrg-hpf5, OSV-84513
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7m31-x66p-3bha |
|
| 1 |
| url |
VCID-t9c8-r3yp-sbde |
| vulnerability_id |
VCID-t9c8-r3yp-sbde |
| summary |
Ruby on Rails Potential XSS Vulnerability in select_tag prompt
When a value for the `prompt` field is supplied to the `select_tag` helper, the value is not escaped. If untrusted data is not escaped, and is supplied as the prompt value, there is a potential for XSS attacks. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2012-3463, GHSA-98mf-8f57-64qf, OSV-84515
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t9c8-r3yp-sbde |
|
|
|---|
| Risk_score | null |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.0.17 |
|---|