Bugzilla – Bug 750621
VUL-0: CVE-2012-1098: rubygem-rails: string class XSS vulnerability
Last modified: 2015-03-05 08:35:55 UTC
A cross-site scripting (XSS) flaw was found in the way the String class, used in Ruby on Rails, performed HTML escaping of SafeBuffer objects when such objects were manipulated directly via the '[]' method or via other methods that also return new instances of a SafeBuffer object. When these methods were used, the newly returned SafeBuffer instances were inadvertently marked as HTML safe. If a Ruby on Rails application used SafeBuffer objects this way, a remote attacker could provide specially-crafted input which, once processed by such a SafeBuffer instance, would pass the HTML escaping test without further filtering, possibly leading to arbitrary HTML or web script execution. http://groups.google.com/group/rubyonrails-security/browse_thread/thread/edd28f1e3d04e913
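As an added illustration of the mechanism described above (this is not code from the bug report, from Rails, or from the SUSE packages, and it does not reproduce the upstream fix line for line): a minimal model of a SafeBuffer-like String subclass. `FailOpenBuffer` tracks safety with a "dirty" flag whose absence means "safe", so a freshly created instance handed back by `[]` silently loses the taint of untrusted contents and is rendered verbatim. `FailClosedBuffer` tracks safety with a positive flag whose absence means "unsafe" and makes `[]` return a plain String unless the source buffer is itself safe, so the renderer escapes the slice. The class names, `render`, `mark_dirty!` and the `PAYLOAD` value are constructed for this example.

```ruby
require "erb"

# Plain Strings never declare themselves HTML-safe (constructed for this model).
class String
  def html_safe?
    false
  end
end

# Output stage: emit verbatim only when the value claims to be HTML-safe,
# otherwise escape it.
def render(buf)
  buf.html_safe? ? buf.to_str : ERB::Util.html_escape(buf.to_str)
end

# Model of the vulnerable design: a "dirty" flag whose absence means "safe".
# A new instance carries no flag, so it reads as safe. (On Ruby 1.9, String#[]
# on a subclass allocated such a fresh instance without calling initialize.)
class FailOpenBuffer < String
  def initialize(str = "")
    super
    @dirty = false
  end

  # Record that untrusted content has entered the buffer.
  def mark_dirty!
    @dirty = true
    self
  end

  def html_safe?
    !@dirty            # nil or false => reported as safe
  end

  def [](*args)
    # The slice is a brand-new instance: the taint is dropped on the floor.
    self.class.new(to_str[*args].to_s)
  end
end

# Model of the hardened design: a positive flag whose absence means "unsafe",
# and slicing returns a plain (escapable) String unless the source is safe.
class FailClosedBuffer < String
  def initialize(str = "")
    super
    @html_safe = true
  end

  def mark_dirty!
    @html_safe = false
    self
  end

  def html_safe?
    defined?(@html_safe) && @html_safe == true
  end

  def [](*args)
    piece = to_str[*args]
    return piece unless html_safe? && piece   # unsafe source => plain String
    self.class.new(piece)                      # safe source => stays safe
  end
end

# Constructed untrusted input that must never reach the page unescaped.
PAYLOAD = "<script>alert(1)</script>".freeze

# Vulnerable path: tainted buffer, sliced, then rendered.
def vulnerable_output
  buf = FailOpenBuffer.new(PAYLOAD).mark_dirty!
  render(buf[0..-1])
end

# Hardened path: same operations, slice is escaped on output.
def hardened_output
  buf = FailClosedBuffer.new(PAYLOAD).mark_dirty!
  render(buf[0..-1])
end

# Legitimate use still works: a slice of a safe buffer remains safe.
def safe_slice_preserved
  FailClosedBuffer.new("<b>bold</b>")[0, 3]
end

if __FILE__ == $0
  puts "fail-open  : #{vulnerable_output}"
  puts "fail-closed: #{hardened_output}"
  puts "safe slice : #{safe_slice_preserved} (safe? #{safe_slice_preserved.html_safe?})"
end
```

The design point is the default: a safety marker that is assumed present unless explicitly cleared fails open whenever any code path constructs a new object without copying state, which is exactly what slicing and similar "return a new instance" methods do. A marker that must be explicitly set, plus slicing methods that demote to plain String when the source is not safe, fails closed.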
The SWAMPID for this issue is 46071. This issue was rated as moderate. Please submit fixed packages until 2012-03-28. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
Submitted the following packages to SP2: rubygem-actionmailer-3_1 rubygem-actionpack-3_1 rubygem-activemodel-3_1 rubygem-activerecord-3_1 rubygem-activeresource-3_1 rubygem-activesupport-3_1 rubygem-rails-3_1 rubygem-railties-3_1. Additionally, those 2 packages have to be updated as well: rubygem-arel-2_2 rubygem-rack-1_3
Requests created: 18327 18328 18329 18330 18331 18332 18333 18334 18335 18336 Successfully finished
therefore done