Download
| Alert*
DSA-3651-1 rails -- rails
Andrew Carpenter of Critical Juncture discovered a cross-site scripting vulnerability affecting Action View in rails, a web application framework written in Ruby. Text declared as "HTML safe" will not have quotes escaped when used as attribute values in tag helpers.
|