CVE-2011-2932

EUVD-2017-0203
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a "UTF-8 escaping vulnerability."
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
rubyonrailsrails
2.0.0
rubyonrailsrails
2.0.0:rc1
rubyonrailsrails
2.0.0:rc2
rubyonrailsrails
2.0.1
rubyonrailsrails
2.0.2
rubyonrailsrails
2.0.4
rubyonrailsrails
2.1.0
rubyonrailsrails
2.1.1
rubyonrailsrails
2.1.2
rubyonrailsrails
2.2.0
rubyonrailsrails
2.2.1
rubyonrailsrails
2.2.2
rubyonrailsrails
2.3.2
rubyonrailsrails
2.3.3
rubyonrailsrails
2.3.4
rubyonrailsrails
2.3.9
rubyonrailsrails
2.3.10
rubyonrailsrails
2.3.11
rubyonrailsrails
2.3.12
rubyonrailsrails
3.0.0
rubyonrailsrails
3.0.0:beta
rubyonrailsrails
3.0.0:beta2
rubyonrailsrails
3.0.0:beta3
rubyonrailsrails
3.0.0:beta4
rubyonrailsrails
3.0.0:rc
rubyonrailsrails
3.0.0:rc2
rubyonrailsrails
3.0.1
rubyonrailsrails
3.0.1:pre
rubyonrailsrails
3.0.2
rubyonrailsrails
3.0.2:pre
rubyonrailsrails
3.0.3
rubyonrailsrails
3.0.4:rc1
rubyonrailsrails
3.0.5
rubyonrailsrails
3.0.5:rc1
rubyonrailsrails
3.0.6
rubyonrailsrails
3.0.6:rc1
rubyonrailsrails
3.0.6:rc2
rubyonrailsrails
3.0.7
rubyonrailsrails
3.0.7:rc1
rubyonrailsrails
3.0.7:rc2
rubyonrailsrails
3.0.8
rubyonrailsrails
3.0.8:rc1
rubyonrailsrails
3.0.8:rc2
rubyonrailsrails
3.0.8:rc3
rubyonrailsrails
3.0.8:rc4
rubyonrailsrails
3.0.9
rubyonrailsrails
3.0.9:rc1
rubyonrailsrails
3.0.9:rc2
rubyonrailsrails
3.0.9:rc3
rubyonrailsrails
3.0.9:rc4
rubyonrailsrails
3.0.9:rc5
rubyonrailsrails
3.0.10:rc1
rubyonrailsrails
3.1.0
rubyonrailsrails
3.1.0:beta1
rubyonrailsrails
3.1.0:rc1
rubyonrailsrails
3.1.0:rc2
rubyonrailsrails
3.1.0:rc3
rubyonrailsrails
3.1.0:rc4
rubyonrailsruby_on_rails
3.0.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
rails
bookworm
2:6.1.7.3+dfsg-2~deb12u1
fixed
bullseye
2:6.0.3.7+dfsg-2+deb11u2
fixed
bullseye (security)
2:6.0.3.7+dfsg-2+deb11u2
fixed
sid
2:6.1.7.3+dfsg-4
fixed
trixie
2:6.1.7.3+dfsg-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
rails
hardy
ignored
lucid
Fixed 2.2.3-2ubuntu0.1
released
maverick
Fixed 2.3.5-1.1ubuntu0.1
released
natty
Fixed 2.3.5-1.2ubuntu1.1
released
Common Weakness Enumeration
References
http://groups.google.com/group/rubyonrails-security/msg/f1d2749773db9f21?dmode=source&output=gplain
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065114.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065189.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
http://secunia.com/advisories/45917
http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
http://www.openwall.com/lists/oss-security/2011/08/17/1
http://www.openwall.com/lists/oss-security/2011/08/19/11
http://www.openwall.com/lists/oss-security/2011/08/20/1
http://www.openwall.com/lists/oss-security/2011/08/22/13
http://www.openwall.com/lists/oss-security/2011/08/22/14
http://www.openwall.com/lists/oss-security/2011/08/22/5
https://bugzilla.redhat.com/show_bug.cgi?id=731435
https://github.com/rails/rails/commit/bfc432574d0b141fd7fe759edfe9b6771dd306bd
http://groups.google.com/group/rubyonrails-security/msg/f1d2749773db9f21?dmode=source&output=gplain
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065114.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065189.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065212.html
http://secunia.com/advisories/45917
http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-1-0-rc6
http://www.openwall.com/lists/oss-security/2011/08/17/1
http://www.openwall.com/lists/oss-security/2011/08/19/11
http://www.openwall.com/lists/oss-security/2011/08/20/1
http://www.openwall.com/lists/oss-security/2011/08/22/13
http://www.openwall.com/lists/oss-security/2011/08/22/14
http://www.openwall.com/lists/oss-security/2011/08/22/5
https://bugzilla.redhat.com/show_bug.cgi?id=731435
https://github.com/rails/rails/commit/bfc432574d0b141fd7fe759edfe9b6771dd306bd