RHSA-2016:1856-01 -- Redhat rh-ror41-rubygem-actionviewID: oval:org.secpod.oval:def:505059 | Date: (C)2021-02-03 (M)2022-09-23 |
Class: PATCH | Family: unix |
Ruby on Rails is a model-view-controller framework for web application development. Action View implements the view component. Security Fix: * It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting attack. Red Hat would like to thank the Ruby on Rails project for reporting this issue. Upstream acknowledges Andrew Carpenter as the original reporter.
Platform: |
Red Hat Enterprise Linux 7 |
Red Hat Enterprise Linux 6 |
Product: |
rh-ror41-rubygem-actionview |