CVE-2011-0446.yml
---
gem: actionview
framework: rails
cve: 2011-0446
ghsa: 75w6-p6mg-vh8j
url: https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ
title: XSS vulnerabilities in the mail_to helper in rails/actionview
date: 2017-10-24
description: |
  Multiple cross-site scripting (XSS) vulnerabilities in the mail_to
  helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when
  javascript encoding is used, allow remote attackers to inject
  arbitrary web script or HTML via a crafted (1) name or (2) email value.
cvss_v2: 4.3
patched_versions:
  - "~> 2.3.11"
  - ">= 3.0.4"
related:
  url:
    - https://nvd.nist.gov/vuln/detail/CVE-2011-0446
    - https://groups.google.com/g/rubyonrails-security/c/8CpI7egxX4E/m/SmtqtyOKWzYJ
    - https://github.com/advisories/GHSA-75w6-p6mg-vh8j
    - http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057650.html
    - http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055074.html
    - http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055088.html
    - http://www.debian.org/security/2011/dsa-2247
    - https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43274
    - https://web.archive.org/web/20111225083933/http://secunia.com/advisories/43666
    - https://web.archive.org/web/20201208053819/http://www.securitytracker.com/id?1025064
    - https://web.archive.org/web/20210121211512/http://www.securityfocus.com/bid/46291