Skip to content

CVE-2015-3226 (Medium) detected in activesupport-4.1.0.gem #28

Open
Open
CVE-2015-3226 (Medium) detected in activesupport-4.1.0.gem#28
Labels
security vulnerabilitySecurity vulnerability detected by WhiteSource
@mend-bolt-for-github

Description

@mend-bolt-for-github
mend-bolt-for-github
bot
opened on Apr 19, 2020

CVE-2015-3226 - Medium Severity Vulnerability

Vulnerable Library - activesupport-4.1.0.gem

A toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Rich support for multibyte strings, internationalization, time zones, and testing.

Library home page: https://rubygems.org/gems/activesupport-4.1.0.gem

Path to dependency file: /tmp/ws-scm/app1/Gemfile.lock

Path to vulnerable library: /var/lib/gems/2.5.0/cache/activesupport-4.1.0.gem

Dependency Hierarchy:

  • sass-rails-4.0.3.gem (Root Library)
    • railties-4.1.0.gem
      • activesupport-4.1.0.gem (Vulnerable Library)

Found in HEAD commit: 9d946faa10e3050193fb56220287f7565773de83

Vulnerability Details

Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding.

Publish Date: 2015-07-26

URL: CVE-2015-3226

CVSS 2 Score Details (4.3)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-3226

Release Date: 2015-07-26

Fix Resolution: 4.1.11,4.2.2

Metadata

Metadata

Assignees

No one assigned

    Labels

    security vulnerabilitySecurity vulnerability detected by WhiteSource

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions