CVE-2012-3464 - OpenCVE

Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cloudforms Cloudengine	1
Redhat	Openshift
Rhel Sam	1.1
Rubyonrails	Rails Ruby On Rails

Configuration 1 [-]

OR	cpe:2.3:a:rubyonrails:rails:0.9.1:::::::*
	cpe:2.3:a:rubyonrails:rails:0.9.2:::::::*
	cpe:2.3:a:rubyonrails:rails:0.9.3:::::::*
	cpe:2.3:a:rubyonrails:rails:0.9.4:::::::*
	cpe:2.3:a:rubyonrails:rails:0.9.4.1:::::::*
	cpe:2.3:a:rubyonrails:rails:0.10.0:::::::*
	cpe:2.3:a:rubyonrails:rails:0.10.1:::::::*
	cpe:2.3:a:rubyonrails:rails:0.11.0:::::::*
	cpe:2.3:a:rubyonrails:rails:0.11.1:::::::*
	cpe:2.3:a:rubyonrails:rails:0.12.0:::::::*
	cpe:2.3:a:rubyonrails:rails:0.12.1:::::::*
	cpe:2.3:a:rubyonrails:rails:0.13.0:::::::*
	cpe:2.3:a:rubyonrails:rails:0.13.1:::::::*
	cpe:2.3:a:rubyonrails:rails:0.14.1:::::::*
	cpe:2.3:a:rubyonrails:rails:0.14.2:::::::*
	cpe:2.3:a:rubyonrails:rails:0.14.3:::::::*
	cpe:2.3:a:rubyonrails:rails:0.14.4:::::::*
	cpe:2.3:a:rubyonrails:rails:1.0.0:::::::*
	cpe:2.3:a:rubyonrails:rails:1.1.0:::::::*
	cpe:2.3:a:rubyonrails:rails:1.1.1:::::::*
	cpe:2.3:a:rubyonrails:rails:1.1.2:::::::*
	cpe:2.3:a:rubyonrails:rails:1.1.3:::::::*
	cpe:2.3:a:rubyonrails:rails:1.1.4:::::::*
	cpe:2.3:a:rubyonrails:rails:1.1.5:::::::*
	cpe:2.3:a:rubyonrails:rails:1.1.6:::::::*
	cpe:2.3:a:rubyonrails:rails:1.2.0:::::::*
	cpe:2.3:a:rubyonrails:rails:1.2.1:::::::*
	cpe:2.3:a:rubyonrails:rails:1.2.2:::::::*
	cpe:2.3:a:rubyonrails:rails:1.2.3:::::::*
	cpe:2.3:a:rubyonrails:rails:1.2.4:::::::*
	cpe:2.3:a:rubyonrails:rails:1.2.5:::::::*
	cpe:2.3:a:rubyonrails:rails:1.2.6:::::::*
	cpe:2.3:a:rubyonrails:rails:1.9.5:::::::*
	cpe:2.3:a:rubyonrails:rails:2.0.0:::::::*
	cpe:2.3:a:rubyonrails:rails:2.0.0:rc1::::::
	cpe:2.3:a:rubyonrails:rails:2.0.0:rc2::::::
	cpe:2.3:a:rubyonrails:rails:2.0.1:::::::*
	cpe:2.3:a:rubyonrails:rails:2.0.2:::::::*
	cpe:2.3:a:rubyonrails:rails:2.0.4:::::::*
	cpe:2.3:a:rubyonrails:rails:2.1.0:::::::*
	cpe:2.3:a:rubyonrails:rails:2.1.1:::::::*
	cpe:2.3:a:rubyonrails:rails:2.1.2:::::::*
	cpe:2.3:a:rubyonrails:rails:2.2.0:::::::*
	cpe:2.3:a:rubyonrails:rails:2.2.1:::::::*
	cpe:2.3:a:rubyonrails:rails:2.2.2:::::::*
	cpe:2.3:a:rubyonrails:rails:2.3.2:::::::*
	cpe:2.3:a:rubyonrails:rails:2.3.3:::::::*
	cpe:2.3:a:rubyonrails:rails:2.3.4:::::::*
	cpe:2.3:a:rubyonrails:rails:2.3.9:::::::*
	cpe:2.3:a:rubyonrails:rails:2.3.10:::::::*
	cpe:2.3:a:rubyonrails:rails:2.3.11:::::::*
	cpe:2.3:a:rubyonrails:rails:2.3.12:::::::*
	cpe:2.3:a:rubyonrails:rails:3.0.0:::::::*
	cpe:2.3:a:rubyonrails:rails:3.0.0:beta::::::
	cpe:2.3:a:rubyonrails:rails:3.0.0:beta2::::::
	cpe:2.3:a:rubyonrails:rails:3.0.0:beta3::::::
	cpe:2.3:a:rubyonrails:rails:3.0.0:beta4::::::
	cpe:2.3:a:rubyonrails:rails:3.0.0:rc::::::
	cpe:2.3:a:rubyonrails:rails:3.0.0:rc2::::::
	cpe:2.3:a:rubyonrails:rails:3.0.1:::::::*
	cpe:2.3:a:rubyonrails:rails:3.0.1:pre::::::
	cpe:2.3:a:rubyonrails:rails:3.0.2:::::::*
	cpe:2.3:a:rubyonrails:rails:3.0.2:pre::::::
	cpe:2.3:a:rubyonrails:rails:3.0.3:::::::*
cpe:2.3:a:rubyonrails:rails:3.0.4:rc1::::::
cpe:2.3:a:rubyonrails:rails:3.0.5:::::::*
cpe:2.3:a:rubyonrails:rails:3.0.5:rc1::::::
cpe:2.3:a:rubyonrails:rails:3.0.6:::::::*
cpe:2.3:a:rubyonrails:rails:3.0.6:rc1::::::
cpe:2.3:a:rubyonrails:rails:3.0.6:rc2::::::
cpe:2.3:a:rubyonrails:rails:3.0.7:::::::*
cpe:2.3:a:rubyonrails:rails:3.0.7:rc1::::::
cpe:2.3:a:rubyonrails:rails:3.0.7:rc2::::::
cpe:2.3:a:rubyonrails:rails:3.0.8:::::::*
cpe:2.3:a:rubyonrails:rails:3.0.8:rc1::::::
cpe:2.3:a:rubyonrails:rails:3.0.8:rc2::::::
cpe:2.3:a:rubyonrails:rails:3.0.8:rc3::::::
cpe:2.3:a:rubyonrails:rails:3.0.8:rc4::::::
cpe:2.3:a:rubyonrails:rails:3.0.9:::::::*
cpe:2.3:a:rubyonrails:rails:3.0.9:rc1::::::
cpe:2.3:a:rubyonrails:rails:3.0.9:rc2::::::
cpe:2.3:a:rubyonrails:rails:3.0.9:rc3::::::
cpe:2.3:a:rubyonrails:rails:3.0.9:rc4::::::
cpe:2.3:a:rubyonrails:rails:3.0.9:rc5::::::
cpe:2.3:a:rubyonrails:rails:3.0.10:::::::*
cpe:2.3:a:rubyonrails:rails:3.0.10:rc1::::::
cpe:2.3:a:rubyonrails:rails:3.0.11:::::::*
cpe:2.3:a:rubyonrails:rails:3.0.12:::::::*
cpe:2.3:a:rubyonrails:rails:3.0.12:rc1::::::
cpe:2.3:a:rubyonrails:rails:3.0.13:::::::*
cpe:2.3:a:rubyonrails:rails:3.0.13:rc1::::::
cpe:2.3:a:rubyonrails:rails:3.0.14:::::::*
cpe:2.3:a:rubyonrails:ruby_on_rails::::::::
cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.0:::::::*
cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.5:::::::*
cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.6:::::::*
cpe:2.3:a:rubyonrails:ruby_on_rails:0.5.7:::::::*
cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.0:::::::*
cpe:2.3:a:rubyonrails:ruby_on_rails:0.6.5:::::::*
cpe:2.3:a:rubyonrails:ruby_on_rails:0.7.0:::::::*
cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.0:::::::*
cpe:2.3:a:rubyonrails:ruby_on_rails:0.8.5:::::::*
cpe:2.3:a:rubyonrails:ruby_on_rails:0.9.0:::::::*
cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:rubyonrails:rails:3.1.0:::::::*
	cpe:2.3:a:rubyonrails:rails:3.1.0:beta1::::::
	cpe:2.3:a:rubyonrails:rails:3.1.0:rc1::::::
	cpe:2.3:a:rubyonrails:rails:3.1.0:rc2::::::
	cpe:2.3:a:rubyonrails:rails:3.1.0:rc3::::::
	cpe:2.3:a:rubyonrails:rails:3.1.0:rc4::::::
	cpe:2.3:a:rubyonrails:rails:3.1.0:rc5::::::
	cpe:2.3:a:rubyonrails:rails:3.1.0:rc6::::::
	cpe:2.3:a:rubyonrails:rails:3.1.0:rc7::::::
	cpe:2.3:a:rubyonrails:rails:3.1.0:rc8::::::
	cpe:2.3:a:rubyonrails:rails:3.1.1:::::::*
	cpe:2.3:a:rubyonrails:rails:3.1.1:rc1::::::
	cpe:2.3:a:rubyonrails:rails:3.1.1:rc2::::::
	cpe:2.3:a:rubyonrails:rails:3.1.1:rc3::::::
	cpe:2.3:a:rubyonrails:rails:3.1.2:::::::*
	cpe:2.3:a:rubyonrails:rails:3.1.2:rc1::::::
	cpe:2.3:a:rubyonrails:rails:3.1.2:rc2::::::
	cpe:2.3:a:rubyonrails:rails:3.1.3:::::::*
	cpe:2.3:a:rubyonrails:rails:3.1.4:::::::*
	cpe:2.3:a:rubyonrails:rails:3.1.4:rc1::::::
	cpe:2.3:a:rubyonrails:rails:3.1.5:::::::*
	cpe:2.3:a:rubyonrails:rails:3.1.5:rc1::::::
	cpe:2.3:a:rubyonrails:rails:3.1.6:::::::*
	cpe:2.3:a:rubyonrails:rails:3.1.7:::::::*

Configuration 3 [-]

OR	cpe:2.3:a:rubyonrails:rails:3.2.0:::::::*
	cpe:2.3:a:rubyonrails:rails:3.2.0:rc1::::::
	cpe:2.3:a:rubyonrails:rails:3.2.0:rc2::::::
	cpe:2.3:a:rubyonrails:rails:3.2.1:::::::*
	cpe:2.3:a:rubyonrails:rails:3.2.2:::::::*
	cpe:2.3:a:rubyonrails:rails:3.2.2:rc1::::::
	cpe:2.3:a:rubyonrails:rails:3.2.3:::::::*
	cpe:2.3:a:rubyonrails:rails:3.2.3:rc1::::::
	cpe:2.3:a:rubyonrails:rails:3.2.3:rc2::::::
	cpe:2.3:a:rubyonrails:rails:3.2.4:::::::*
	cpe:2.3:a:rubyonrails:rails:3.2.4:rc1::::::
	cpe:2.3:a:rubyonrails:rails:3.2.5:::::::*
	cpe:2.3:a:rubyonrails:rails:3.2.6:::::::*
	cpe:2.3:a:rubyonrails:rails:3.2.7:::::::*

Package	CPE	Advisory	Released Date
CloudForms for RHEL 6
converge-ui-devel-0:1.0.4-1.el6cf	cpe:/a:cloudforms_cloudengine:1::el6	RHSA-2012:1542	2012-12-04T00:00:00Z
puppet-0:2.6.17-2.el6cf	cpe:/a:cloudforms_cloudengine:1::el6	RHSA-2012:1542	2012-12-04T00:00:00Z
rubygem-actionpack-1:3.0.10-10.el6cf	cpe:/a:cloudforms_cloudengine:1::el6	RHSA-2012:1542	2012-12-04T00:00:00Z
rubygem-activerecord-1:3.0.10-6.el6cf	cpe:/a:cloudforms_cloudengine:1::el6	RHSA-2012:1542	2012-12-04T00:00:00Z
rubygem-activesupport-1:3.0.10-4.el6cf	cpe:/a:cloudforms_cloudengine:1::el6	RHSA-2012:1542	2012-12-04T00:00:00Z
rubygem-chunky_png-0:1.2.0-3.el6cf	cpe:/a:cloudforms_cloudengine:1::el6	RHSA-2012:1542	2012-12-04T00:00:00Z
rubygem-compass-0:0.11.5-2.el6cf	cpe:/a:cloudforms_cloudengine:1::el6	RHSA-2012:1542	2012-12-04T00:00:00Z
rubygem-compass-960-plugin-0:0.10.4-2.el6cf	cpe:/a:cloudforms_cloudengine:1::el6	RHSA-2012:1542	2012-12-04T00:00:00Z
rubygem-delayed_job-0:2.1.4-2.el6cf	cpe:/a:cloudforms_cloudengine:1::el6	RHSA-2012:1542	2012-12-04T00:00:00Z
rubygem-ldap_fluff-0:0.1.3-1.el6_3	cpe:/a:cloudforms_cloudengine:1::el6	RHSA-2012:1542	2012-12-04T00:00:00Z
rubygem-mail-0:2.3.0-3.el6cf	cpe:/a:cloudforms_cloudengine:1::el6	RHSA-2012:1542	2012-12-04T00:00:00Z
rubygem-net-ldap-0:0.1.1-3.el6cf	cpe:/a:cloudforms_cloudengine:1::el6	RHSA-2012:1542	2012-12-04T00:00:00Z
Red Hat Subscription Asset Manager 1.1
rubygem-actionpack-1:3.0.10-11.el6cf	cpe:/a:rhel_sam:1.1::el6	RHSA-2013:0154	2013-01-10T00:00:00Z
rubygem-activerecord-1:3.0.10-8.el6cf	cpe:/a:rhel_sam:1.1::el6	RHSA-2013:0154	2013-01-10T00:00:00Z
rubygem-activesupport-1:3.0.10-5.el6cf	cpe:/a:rhel_sam:1.1::el6	RHSA-2013:0154	2013-01-10T00:00:00Z
RHEL 6 Version of OpenShift Enterprise
graphviz-0:2.26.0-10.el6	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
openshift-console-0:0.0.16-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
openshift-origin-broker-0:1.0.11-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
openshift-origin-broker-util-0:1.0.15-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
openshift-origin-cartridge-cron-1.4-0:1.0.3-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
openshift-origin-cartridge-diy-0.1-0:1.0.3-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
openshift-origin-cartridge-haproxy-1.4-0:1.0.4-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
openshift-origin-cartridge-jbosseap-6.0-0:1.0.4-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
openshift-origin-cartridge-jbossews-1.0-0:1.0.13-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
openshift-origin-cartridge-jenkins-1.4-0:1.0.2-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
openshift-origin-cartridge-jenkins-client-1.4-0:1.0.2-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
openshift-origin-cartridge-mysql-5.1-0:1.0.5-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
openshift-origin-cartridge-perl-5.10-0:1.0.3-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
openshift-origin-cartridge-php-5.3-0:1.0.5-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
openshift-origin-cartridge-postgresql-8.4-0:1.0.3-2.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
openshift-origin-cartridge-ruby-1.8-0:1.0.7-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
openshift-origin-cartridge-ruby-1.9-scl-0:1.0.8-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
openshift-origin-msg-node-mcollective-0:1.0.3-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
php-0:5.3.3-22.el6	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
ruby193-ruby-0:1.9.3.327-25.el6	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
ruby193-rubygem-actionpack-1:3.2.8-3.el6	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
ruby193-rubygem-activemodel-0:3.2.8-2.el6	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
ruby193-rubygem-activerecord-1:3.2.8-3.el6	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
ruby193-rubygem-railties-0:3.2.8-2.el6	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
ruby193-rubygem-ruby_parser-0:2.3.1-3.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
rubygem-actionpack-1:3.0.13-4.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
rubygem-activemodel-0:3.0.13-3.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
rubygem-activerecord-1:3.0.13-5.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
rubygem-bson-0:1.8.1-2.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
rubygem-mongo-0:1.8.1-2.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
rubygem-openshift-origin-auth-remote-user-0:1.0.5-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
rubygem-openshift-origin-console-0:1.0.10-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
rubygem-openshift-origin-controller-0:1.0.12-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
rubygem-openshift-origin-node-0:1.0.11-1.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z
rubygem-ruby_parser-0:2.0.4-6.el6op	cpe:/a:redhat:openshift:1::el6	RHSA-2013:0582	2013-02-28T00:00:00Z

References

Link	Providers
http://rhn.redhat.com/errata/RHSA-2013-0154.html
http://secunia.com/advisories/50694
http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/
https://groups.google.com/group/rubyonrails-security/msg/8f1bbe1cef8c6caf?dmode=source&output=gplain
https://nvd.nist.gov/vuln/detail/CVE-2012-3464
https://www.cve.org/CVERecord?id=CVE-2012-3464

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-08-10T10:00:00

Updated: 2024-08-06T20:05:12.658Z

Reserved: 2012-06-14T00:00:00

Link: CVE-2012-3464

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-08-10T10:34:47.890

Modified: 2019-08-08T15:42:45.623

Link: CVE-2012-3464

Redhat

Severity : Moderate

Publid Date: 2012-08-09T00:00:00Z

Links: CVE-2012-3464 - Bugzilla

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object