DSA-5389-1 rails -- railsID: oval:org.secpod.oval:def:93323 | Date: (C)2023-09-27 (M)2023-09-27 |
Class: PATCH | Family: unix |
Brief introduction Two vulnerabilities were discovered in rails, the Ruby based server-side MVC web application framework, which could lead to XSS and DOM based cross-site scripting . This update also fixes a regression introduced in previous update that may block certain access for apps using development environment.
Product: |
ruby-railties |
ruby-activemodel |
ruby-actiontext |
ruby-activejob |
ruby-actionmailbox |
ruby-activestorage |
ruby-actionmailer |
rails |
ruby-activerecord |
ruby-actioncable |
ruby-rails |
ruby-actionview |
ruby-activesupport |
ruby-actionpack |