Cross-site Scripting Vulnerability in Active Support by Ruby on Rails
CVE-2015-3226

Currently unrated

Key Information:

Vendor
CVE Published: 26 July 2015

What is CVE-2015-3226?

A cross-site scripting (XSS) vulnerability exists in the Active Support component of Ruby on Rails, in the json/encoding.rb file. It affects versions 3.x, 4.1.x before 4.1.11, and 4.2.x before 4.2.2. The flaw allows remote attackers to inject arbitrary web script or HTML through a crafted Hash that is handled improperly during JSON encoding. Injected script could then execute in the context of the victim's browser, potentially compromising user data and session integrity.
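The class of problem described above is shown below as an added example in plain Ruby with the standard `json` library (not Rails or Active Support code): JSON placed into an HTML page must have HTML-significant characters escaped in every string of the encoded Hash, keys as well as values. The names `json_for_html` and `html_unsafe?` and the sample Hash are constructed for illustration.

```ruby
require 'json'

# Characters that are significant to an HTML parser (or, for U+2028/U+2029,
# to older JavaScript parsers), mapped to JSON \uXXXX escapes that decode
# back to the same character.
HTML_UNSAFE = {
  '<' => '\u003c',
  '>' => '\u003e',
  '&' => '\u0026',
  "\u2028" => '\u2028',
  "\u2029" => '\u2029'
}.freeze
HTML_UNSAFE_RE = /[<>&\u2028\u2029]/

# Encode a Hash and escape the complete encoded string. In valid JSON these
# characters can only occur inside string literals, so escaping the whole
# output treats keys and values identically and cannot miss either.
def json_for_html(hash)
  JSON.generate(hash).gsub(HTML_UNSAFE_RE, HTML_UNSAFE)
end

# Check for tests or review: true if encoded JSON still carries a raw
# HTML-significant character and is unsafe to place in an HTML page as-is.
def html_unsafe?(json)
  json.match?(HTML_UNSAFE_RE)
end

# Constructed sample: markup appears in a key as well as in the values.
SAMPLE = { '</script><b>key' => 'a & b', 'note' => '<i>value</i>' }.freeze

if __FILE__ == $PROGRAM_NAME
  plain = JSON.generate(SAMPLE) # stdlib default: no HTML escaping
  puts "plain:   #{plain}  unsafe=#{html_unsafe?(plain)}"
  safe = json_for_html(SAMPLE)
  puts "escaped: #{safe}  unsafe=#{html_unsafe?(safe)}"
end
```

The escaped output still parses to the original Hash, so consumers of the JSON see no change in the data.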

