Vulnerable Library - actionpack-3.0.9.gem

Web apps on Rails. Simple, battle-tested conventions for building and testing MVC web applications. Works with any Rack-compatible server.

Library home page: https://rubygems.org/gems/actionpack-3.0.9.gem

Dependency Hierarchy:

• rails-3.0.9.gem (Root Library)
  • railties-3.0.9.gem
    • ❌ actionpack-3.0.9.gem (Vulnerable Library)

Found in HEAD commit: 0c785fd9400921392b8ee5e3e166f30364359ecc

Found in base branch: master

Vulnerability Details

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.

Publish Date: 2012-08-10

URL: CVE-2012-3465

CVSS 3 Score Details (5.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: N/A
  • Attack Complexity: N/A
  • Privileges Required: N/A
  • User Interaction: N/A
  • Scope: N/A
• Impact Metrics:
  • Confidentiality Impact: N/A
  • Integrity Impact: N/A
  • Availability Impact: N/A

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2012-3465

Release Date: 2012-08-10

Fix Resolution: 3.0.17,3.1.8,3.2.8