VDB
CVE-2012-3464
CVE-2012-3464
PUBLISHED
Reported by redhat · Published August 10, 2012
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| RubyGems | activesupport | *, 3.1.0, 0 |
| n/a | n/a | *, n/a, n/a |
Exploit Intelligence
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
…and 50 more exploits
Timeline
- Aug 10, 2012 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- x_refsource_CONFIRM
- 50694 third-party-advisoryx_refsource_SECUNIA
- RHSA-2013:0154 vendor-advisoryx_refsource_REDHAT
- [rubyonrails-security] 20120810 Potential XSS Vulnerability in Ruby on Rails mailing-listx_refsource_MLIST
- https://nvd.nist.gov/vuln/detail/CVE-2012-3464 advisory
- https://github.com/advisories/GHSA-h835-75hw-pj89 advisory
- https://github.com/rails/rails/issues/7215 url
- https://github.com/rails/rails/commit/28f2c6f4037081da0a82104a3f473165ed4ed2ce patch
- https://github.com/rails/rails/commit/780a718723cf87b49cfe204d355948c4e0932d23 patch
- https://github.com/rails/rails/commit/d0c9759d3aeb6327d68dd6c0de0fe2fed4e3c870 patch
- https://github.com/rails/rails/commit/d549df7133f2b0bad8112890d478c33e990e12bc patch
- https://github.com/rails/rails url
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2012-3464.yml advisory