RHSA-2016:1858-01 -- Redhat ruby193-rubygem-actionpackID: oval:org.secpod.oval:def:505115 | Date: (C)2021-02-03 (M)2022-09-23 |
Class: PATCH | Family: unix |
Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security Fix: * It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting attack. Red Hat would like to thank the Ruby on Rails project for reporting this issue. Upstream acknowledges Andrew Carpenter as the original reporter.
Platform: |
Red Hat Enterprise Linux 7 |
Red Hat Enterprise Linux 6 |
Product: |
ruby193-rubygem-actionpack |