Cross-Site Scripting Vulnerability in Ruby on Rails by Ruby
CVE-2013-4491

Currently unrated

Key Information:

Vendor: Rubyonrails
Status: Rails
Vendor: CVE Published:; 7 December 2013

🔔 Create Rubyonrails Vulnerability Alert

What is CVE-2013-4491?

A cross-site scripting (XSS) vulnerability exists in the internationalization component of Ruby on Rails. This issue allows remote attackers to inject arbitrary web scripts or HTML by manipulating strings that invoke the i18n gem's fallback string mechanism. Affected versions of Ruby on Rails include 3.x prior to 3.2.16 and 4.x prior to 4.0.2. It is crucial for developers using these versions to apply security updates to mitigate potential exploitation.

References

http://rhn.redhat.com/errata/RHSA-2014-0008.html

vendor-advisoryx_refsource_REDHAT

http://lists.opensuse.org/opensuse-updates/2013-12/msg000...

vendor-advisoryx_refsource_SUSE

http://secunia.com/advisories/57836

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 7, 2013
Vulnerability Reserved
Jun 12, 2013