CERTA-2011-AVI-339
Vulnerability from certfr_avis

Une vulnérabilité de type injection de code indirecte à distance (XSS) a été identifiée dans Ruby on Rails.

Description

Ruby on Rails utilise un mécanisme de prévention des XSS en protégeant les chaînes de caractères présentées au client avant de les marquer comme étant html safe. Une vulnérabilité dans ce mécanisme permet de créer une chaîne html safe alors que celle ci n'a pas été protégée, ce qui permet de provoquer une injection de code indirecte à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Ruby on Rails Ruby on Rails Ruby on Rails 3.0.x ;
Ruby on Rails Ruby on Rails Ruby on Rails 2.3.x
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ruby on Rails 3.0.x ;",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails 2.3.x",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nRuby on Rails utilise un m\u00e9canisme de pr\u00e9vention des XSS en prot\u00e9geant\nles cha\u00eenes de caract\u00e8res pr\u00e9sent\u00e9es au client avant de les marquer\ncomme \u00e9tant html safe. Une vuln\u00e9rabilit\u00e9 dans ce m\u00e9canisme permet de\ncr\u00e9er une cha\u00eene html safe alors que celle ci n\u0027a pas \u00e9t\u00e9 prot\u00e9g\u00e9e, ce\nqui permet de provoquer une injection de code indirecte \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2011-06-14T00:00:00",
  "last_revision_date": "2011-06-14T00:00:00",
  "links": [
    {
      "title": "Notes des versions 2.3.12, 3.0.8 et 3.1.0.rc2 de Ruby on    Rails du 08 juin 2011 :",
      "url": "http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications"
    }
  ],
  "reference": "CERTA-2011-AVI-339",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-06-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 de type injection de code indirecte \u00e0 distance (\u003cspan\nclass=\"textit\"\u003eXSS\u003c/span\u003e) a \u00e9t\u00e9 identifi\u00e9e dans Ruby on Rails.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Ruby on Rails",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Notes des versions 2.3.12, 3.0.8 et 3.1.0.rc2 de Ruby on Rails du 08 juin 2011",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.