{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-08-11T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as \"HTML safe\" and used as attribute values in tag handlers."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-08T10:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2016:1856", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1856.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://puppet.com/security/cve/cve-2016-6316"}, {"name": "92430", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/92430"}, {"name": "RHSA-2016:1855", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1855.html"}, {"name": "[oss-security] 20160811 [CVE-2016-6316] Possible XSS Vulnerability in Action View", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/08/11/3"}, {"name": "RHSA-2016:1858", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1858.html"}, {"name": "RHSA-2016:1857", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1857.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/"}, {"name": "[ruby-security-ann] 20160811 [CVE-2016-6316] Possible XSS Vulnerability in Action View", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://groups.google.com/forum/#%21topic/ruby-security-ann/8B2iV2tPRSE"}, {"name": "DSA-3651", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2016/dsa-3651"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-6316", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as \"HTML safe\" and used as attribute values in tag handlers."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2016:1856", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-1856.html"}, {"name": "https://puppet.com/security/cve/cve-2016-6316", "refsource": "CONFIRM", "url": "https://puppet.com/security/cve/cve-2016-6316"}, {"name": "92430", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92430"}, {"name": "RHSA-2016:1855", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-1855.html"}, {"name": "[oss-security] 20160811 [CVE-2016-6316] Possible XSS Vulnerability in Action View", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/08/11/3"}, {"name": "RHSA-2016:1858", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-1858.html"}, {"name": "RHSA-2016:1857", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-1857.html"}, {"name": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/", "refsource": "CONFIRM", "url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/"}, {"name": "[ruby-security-ann] 20160811 [CVE-2016-6316] Possible XSS Vulnerability in Action View", "refsource": "MLIST", "url": "https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE"}, {"name": "DSA-3651", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3651"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:29:18.216Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2016:1856", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1856.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://puppet.com/security/cve/cve-2016-6316"}, {"name": "92430", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/92430"}, {"name": "RHSA-2016:1855", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1855.html"}, {"name": "[oss-security] 20160811 [CVE-2016-6316] Possible XSS Vulnerability in Action View", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/08/11/3"}, {"name": "RHSA-2016:1858", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1858.html"}, {"name": "RHSA-2016:1857", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1857.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/"}, {"name": "[ruby-security-ann] 20160811 [CVE-2016-6316] Possible XSS Vulnerability in Action View", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://groups.google.com/forum/#%21topic/ruby-security-ann/8B2iV2tPRSE"}, {"name": "DSA-3651", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2016/dsa-3651"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-6316", "datePublished": "2016-09-07T19:00:00", "dateReserved": "2016-07-26T00:00:00", "dateUpdated": "2024-08-06T01:29:18.216Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E3BE7DFE-BA20-434B-A1DE-AD038B255C60", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*", "matchCriteriaId": "DCEE5B21-C990-4705-8239-0D7B29DAEDA1", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "65EE33B1-B079-4CDE-B9C2-F1613A4610DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "5CAAA20B-824F-4448-99DC-9712FE628073", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "D2BEBDFB-0F30-454A-B74C-F820C9D2708B", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*", "matchCriteriaId": "1D7CD8C1-95D1-477E-AD96-6582EC33BA01", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "B6F00D98-3D0F-40AF-AE4F-090B1E6B660C", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9476CE55-69C0-45D3-B723-6F459C90BF05", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "112FC73B-A8BC-4EEA-9F4B-CCE685EF2838", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "D26565B1-2BA6-4A3C-9264-7FC9A1820B59", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "644EF85E-6D3E-4F5C-96B0-49AD2A2D90CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "392E2D58-CB39-4832-B4D9-9C2E23B8E14C", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "1F2466EA-7039-46A1-B4A3-8DACD1953A59", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0CAB4E72-0A15-4B26-9B69-074C278568D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "A085E105-9375-440A-80CB-9B23E6D7EB4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "25911E48-C5D7-4ED8-B4DB-7523A74CCF49", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "FE6EC1E5-3A4A-4751-9F77-28EF5AF681E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "B29674E3-CC80-446B-9A43-82594AE7A058", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*", "matchCriteriaId": "FF34D8CB-2B6D-4CB8-A206-108293BCFFE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "8E5187F6-E3AC-4E0D-B1D0-83DE76C20A4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "272268EE-E3E8-4683-B679-55D748877A7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "7B69FD33-61FE-4F10-BBE1-215F59035D30", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "08D7CB5D-82EF-4A24-A792-938FAB40863D", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "8A044B21-47D5-468D-AF4A-06B3B5CC0824", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "2196F3D0-532A-40F9-843A-1DFBC8B63FDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "CBEDA932-6CB5-438C-94E4-824732A91BE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "903E5524-5E45-48CE-A804-EDAEBE3A79AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*", "matchCriteriaId": "08534AF2-F94E-4FB6-A572-4FB9827276D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*", "matchCriteriaId": "29E3B4A6-1346-4358-B7BC-84D00ED3ABBE", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*", "matchCriteriaId": "B52D7A6B-DD93-45F0-9186-18ABEFF28DF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "1F07C641-48DF-43BE-9EB5-72B337C54846", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "A1CB1B12-99F5-430F-AE19-9A95C17FA123", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "D1A7C449-8F9A-4CE5-9C3D-375996BFAEE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "05D5D58C-DB79-41EA-81AE-5D95C48211B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "FE331D6D-99BA-4369-AD8B-B556DEE4955F", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "58304E17-ADFD-4686-9CCF-C1CA31843B94", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "05108EF0-81AD-4378-9843-5C23F2AC79A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "4EE7DA7E-23A5-42AF-9D5C-39240CE2FBDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "0C448F62-8231-4221-ADA0-C9B848AE03D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "5FBD11A1-51C7-4AF7-AA0B-3A14C5435E70", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "60255706-C44A-48CB-B98B-A1F0991CBC74", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "0456E2E8-EF06-414E-8A7D-8005F0EB46B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "D9EE4763-2495-4B6A-B72F-344967E51C27", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DB51F3E9-4899-49A9-9E7B-0DCA92A91DD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "F884F2F4-94F3-46CB-860B-1BCC0EEF408A", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "88DFBB48-1C29-4639-9369-F5B413CA2337", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D37696D7-BEE6-4587-9E33-A7FE24780409", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "E95B5D44-0C8D-47BC-A89D-48A5BDEB84F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "1DFDAF6A-76AA-436F-A4F3-DA69892DE2B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "D3172982-3FA4-427F-BE3E-2321D804E49D", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "FD6EC85B-F092-48FF-966A-96B9227C8656", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*", "matchCriteriaId": "9000F3C1-57A0-474C-9C82-E58688F29838", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*", "matchCriteriaId": "6E55E42E-AB6A-4E47-AC69-DFDAEB0A8735", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A42F4E7A-6F6A-485C-8D30-95F3B0285922", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "30B9C0CB-F6E6-4233-84E4-D6E69104DD73", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "84309CC7-A8B7-4ADB-AEA1-964DA5F7B0E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "5343241F-274D-45FF-97C7-2BC2E920BAF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "FED122B8-AF4C-4C48-B1E5-54F4A7A31A53", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "157ACCAD-0FB8-4CC9-9DFB-70835DE6506C", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "3E50ACF6-7277-4C9A-B42A-E7EFDC317691", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "C191DC2B-1EC3-48E0-A586-867E6EE4431C", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "3AA51263-6680-42C6-B119-8241D6F76206", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "B4BC41E8-FEDA-4C31-B479-D49A59FC4D63", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "09C20971-53B5-43B0-AC45-5AA0FDF1B054", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "D1AEFA5D-A793-4BAB-8DED-3D3A31260AD8", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "496902D6-409A-40D9-849F-C41264BE5B04", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "2482AB3F-8303-4F95-BE04-C5F06EEF2015", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "244C6952-377C-4AF0-8BA2-C34516A3EB5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "98A79CC5-71EC-4E90-9E99-2DF62ABC0122", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "6562F3C3-D794-4107-95D4-1C0B0486940B", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "11F211A0-AC69-482A-B659-AEE7BE4E4CD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2816C02C-E13E-4367-91F3-14756A90EC9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "E82AF7C7-B725-40EF-8EE3-18F8E7FAEB29", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "1AE674DE-65DB-437E-A034-A2EE5C584B33", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0524F3E3-BAD7-4CD3-A6E7-74CFBE4B46E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "32EB2C3F-0F24-43DB-988E-BD2973598F71", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "EB32713D-FE64-445E-872E-B4678C243AB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "C55E6B4A-2B9C-46C8-A739-109EA4BA7FD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "89C618DC-38BC-4484-8C41-BC38B7EB636B", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "FE1EF01A-F358-45D3-ADA2-51DD1D8CB6E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "AC2616BD-A4E8-42F3-BB5A-7517DC4EDA3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "0E376782-98B0-4766-B6FC-67E032A00C62", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "96D08DC1-14E9-4DB9-BC95-3F73B454FBC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "F365C9E5-27DC-46C3-AFE4-4876EC7B352B", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "6F0016A6-0ED6-443D-B969-CB1226D8E28C", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "42232305-7D62-4692-81CC-B7E9CE642372", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "E69470EA-5EBC-4FB9-A722-5B61C70C1140", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "DD2818D7-5006-4486-AE55-47B63C8F114B", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.8:rc2:*:*:*:*:*:*", "matchCriteriaId": "83EF40E0-1C62-415A-892B-C071B109D924", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "B13A8EBB-4211-4AB1-8872-244EEEE20ABD", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "22D707A0-7CA9-4CED-8DBA-1B50B57EDB2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "0C3CADF8-3316-4514-9A70-AD3DF16B19E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.9:rc3:*:*:*:*:*:*", "matchCriteriaId": "D0D4AF31-A47B-4BE3-A99B-9A0EB7C53D20", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "C9AB2152-DED8-4CFD-B915-94A9F56FDD05", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "C630AB60-DBAF-421E-B663-492BAE8A180F", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "0F41CCF8-14EB-4327-A675-83BFDBB53196", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "75842F7D-B1B1-48BA-858F-01148867B3AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "FE65D701-AA6E-48E4-B62B-C22DEE863503", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.13:rc2:*:*:*:*:*:*", "matchCriteriaId": "17B1E475-C873-4561-9348-027721C08D79", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "C0406FF0-30F5-40E2-B9B8-FE465D923DE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.15:rc3:*:*:*:*:*:*", "matchCriteriaId": "6646610D-279B-4AEC-B445-981E7784EE5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "50F51980-EAD9-4E4D-A2E7-1FACFA80AAB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "CC02A7D1-CB1A-4793-86E3-CF88D0BCDF83", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "A499584B-6E2E-42F3-B0CE-DA7BDD732897", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.21:*:*:*:*:*:*:*", "matchCriteriaId": "AE982FFD-D30F-4872-9C36-74DE50405B18", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:3.2.22.2:*:*:*:*:*:*:*", "matchCriteriaId": "EA770BE3-DD37-45C9-9E6D-8D3407D1A5D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "2E950E33-CD03-45F5-83F9-F106060B4A8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.0:beta:*:*:*:*:*:*", "matchCriteriaId": "547C62C8-4B3E-431B-AA73-5C42ED884671", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "4CDAD329-35F7-4C82-8019-A0CF6D069059", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "56D3858B-0FEE-4E8D-83C2-68AF0431F478", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.1:-:*:*:*:*:*:*", "matchCriteriaId": "254884EE-EBA4-45D0-9704-B5CB22569668", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "35FC7015-267C-403B-A23D-EDA6223D2104", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "5C913A56-959D-44F1-BD89-D246C66D1F09", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "5D5BA926-38EE-47BE-9D16-FDCF360A503B", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "18EA25F1-279A-4F1A-883D-C064369F592E", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "FD794856-6F30-4ABF-8AE4-720BB75E6F89", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B4199B8B-A6F9-4BFD-8D27-0E663D8C579D", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "F11E76A3-FA5B-4038-AB52-3D7D5E54D8A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "C583ACDE-55D5-4D2F-838F-BEC5BDCDE3B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "767C481D-6616-4CA9-9A9B-C994D9121796", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "D5496953-0C5E-45F8-A7FB-240CEC2CCEB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "CA46B621-125E-497F-B2DE-91C989B25936", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "B3239443-2E19-4540-BA0C-05A27E44CB6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.6:rc3:*:*:*:*:*:*", "matchCriteriaId": "104AC9CF-6611-4469-9852-7FDAF4EC7638", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "DC9E1864-B1E5-42C3-B4AF-9A002916B66D", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "31AC91AA-6A9A-43B4-B3E9-A66A34B6E612", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "A462C151-982E-4A83-A376-025015F40645", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "660C2AD2-CEC8-4391-84AF-27515A88B29E", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.0.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "578CC013-776B-4868-B448-B7ACAF3AF832", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.0:-:*:*:*:*:*:*", "matchCriteriaId": "C310EA3E-399A-48FD-8DE9-6950E328CF23", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "293B2998-5169-4960-BEC4-21DAC837E32B", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "FB42A8E7-D273-4CE2-9182-D831D8089BFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "DB757DFD-BF47-4483-A2C0-DF37F7D10989", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "B6C375F2-5027-4B55-9112-C5DD2F787E43", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "EAB8D57F-9849-428C-B8E9-D0A1020728BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "B0359DA8-6B41-46C5-AA95-41B1B366DD4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "0965BDB6-9644-465C-AA32-9278B2D53197", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "7F6B15CF-37C1-4C9B-8457-4A8C9A480188", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.2:rc3:*:*:*:*:*:*", "matchCriteriaId": "072EB16D-1325-4869-B156-65E786A834C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "847B3C3D-8656-404D-A954-09C159EDC8E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "65CA2D50-B33C-4088-BDDF-EB964C9A092C", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "CADB5989-5260-4F60-ACF2-BEB6D7F97654", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "9036E3C7-0AD5-489D-BCEE-31DFE13F5ADA", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "509597D0-22E1-4BE8-95AD-C54FE4D15FA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "B86E26CB-2376-4EBC-913C-B354E2D6711B", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "539C550D-FEDD-415E-95AE-40E1AE2BAF1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5150753-E86D-4859-A046-97B83EAE2C14", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "59C5B869-74FC-4051-A103-A721332B3CF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "7C31EBD2-CD2D-4D38-AA51-A5A56487939A", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "F11E9791-7BCE-43E5-A4BA-6449623FE4F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "33FBD4E4-0BCD-49E1-BA84-86621B7C4556", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "CE521626-2876-455C-9D99-DB74726DC724", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "2DFDD32E-F49E-47F7-B033-B6C3C0E07FC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.10:rc3:*:*:*:*:*:*", "matchCriteriaId": "DCBA26F1-FBBA-444D-9C14-F15AB14A4FC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.10:rc4:*:*:*:*:*:*", "matchCriteriaId": "16D3B0EA-49F7-401A-A1D9-437429D33EAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "83D1EB17-EE67-48E5-B637-AA9A75D397F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "17EBD8B4-C4D3-44A6-9DC1-89D948F126A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "A2B1711A-5541-412C-A5A0-274CEAB9E387", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "FCB08CD7-E9B9-454F-BAF7-96162D177677", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "C3AF00C3-93D9-4284-BCB9-40E42CB8386E", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "0D3DA0B4-E374-4ED4-8C3B-F723C968666F", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.14:rc2:*:*:*:*:*:*", "matchCriteriaId": "B1730A9A-6810-4470-AE6C-A5356D5BFF43", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE4B688E-8638-4539-961D-4FDCBEB4B1C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "5D0346BB-9180-4FE5-AA35-DC466675ED5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "2D6DD9BF-F174-4BE3-9910-BDE3658DC36E", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "40B79E40-75CB-4EBB-8A4B-AF41AED2AE1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.1.16:rc1:*:*:*:*:*:*", "matchCriteriaId": "89B4DCF6-1A21-4B91-ACB4-7DE05487C497", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "9A68D41F-36A9-4B77-814D-996F4E48FA79", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "709A19A5-8FD1-4F9C-A38C-F06242A94D68", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8104482C-E8F5-40A7-8B27-234FEF725FD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "2CFF8677-EA00-4F7E-BFF9-272482206DB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "8D7DF5CD-DA28-492D-B5EE-D252ECCC8D96", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "85435026-9855-4BF4-A436-832628B005FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "56C2308F-A590-47B0-9791-7865D189196F", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "9A266882-DABA-4A4C-88E6-60E993EE0947", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "83F1142C-3BFB-4B72-A033-81E20DB19D02", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "1FA738A1-227B-4665-B65E-666883FFAE96", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "6F00718C-A9E8-4E85-8DA6-33BF11F2DCCE", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "10789A2D-6401-4119-BFBE-2EE4C16216D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "70ABD462-7142-4831-8EB6-801EC1D05573", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "81D717DB-7C80-48AA-A774-E291D2E75D6E", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "06B357FB-0307-4EFA-9C5B-3C2CDEA48584", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "E4BD8840-0F1C-49D3-B843-9CFE64948018", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "79D5B492-43F9-470F-BD21-6EFD93E78453", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "4EC1F602-D48C-458A-A063-4050BE3BB25F", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "F6A1C015-56AD-489C-B301-68CF1DBF1BEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "FD191625-ACE2-46B6-9AAD-12D682C732C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "02C7DB56-267B-4057-A9BA-36D1E58C6282", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "EC163D49-691B-4125-A983-6CF6F6D86DEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "68B537D1-1584-4D15-9C75-08ED4D45DC3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "6A19315C-9A9D-45FE-81C8-074744825B98", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "1E3B4233-E117-4E77-A60D-3DFD5073154D", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "392CF25B-8400-4185-863F-D6353B664FB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:4.2.7:rc1:*:*:*:*:*:*", "matchCriteriaId": "3037282A-863A-4C92-A40C-4D436D2621C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:5.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "AF8F94CF-D504-4165-A69E-3F1198CB162A", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:5.0.0:beta1.1:*:*:*:*:*:*", "matchCriteriaId": "C8C25977-AB6C-45E1-8956-871EB31B36BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:5.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "5F0AB6B0-3506-4332-A183-309FAC4882CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:5.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "6D7B4EBC-B634-4AD7-9F7A-54D14821D5AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:5.0.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "F844FB25-6E27-412F-8394-A7FB15AC1191", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:5.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "A4E608ED-F4AB-4F29-B34E-2841A59580A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:rails:5.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "6320DD44-7D7E-4075-A865-BEAFF86FDA9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "224BD488-0D7E-4F8B-9012-DE872DEB544C", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "A325F57E-0055-4279-9ED7-A26E75FC38E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "9A3BA4AE-B4F0-4204-AFA1-1016F0A6F7AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.14:rc2:*:*:*:*:*:*", "matchCriteriaId": "991F368C-CEB5-4DE6-A7EE-C341F358A4CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "01DB164E-E08E-4649-84BD-15B4159A3AA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.15:rc2:*:*:*:*:*:*", "matchCriteriaId": "E0F7ECFB-86A1-4F00-AD47-971FA23C6D21", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.19:*:*:*:*:*:*:*", "matchCriteriaId": "69702127-AB96-4FE0-9AC4-FBE7B8CA77E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.20:*:*:*:*:*:*:*", "matchCriteriaId": "48D71F7B-CF93-41D4-A824-51CB11F08692", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.22:*:*:*:*:*:*:*", "matchCriteriaId": "60CE659B-DF49-477B-8879-C33823F6527F", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:ruby_on_rails:3.2.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "7EF68196-7C9E-40FE-868D-C42FF82D52EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "9C8E749B-2908-442A-99F0-91E2772336ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "9E43D2D7-89AE-4805-9732-F1C601D8D8B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "5F3D8911-060D-435D-ACA2-E29271170CAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "EA7A4939-16CF-450D-846A-75B231E32D61", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "C964D4A2-3F39-4CC7-A028-B42C94DDB56F", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.0.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "3B54D9FE-0A38-4053-9F3C-8831E2DD2BF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "23FD6D82-9A14-4BD4-AA00-1875F0962ACE", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:ruby_on_rails:4.1.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "91AB2B26-A6F1-44D2-92EB-8078DD6FD63A", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:ruby_on_rails:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E971CF9D-B807-4A74-81EB-D7CB4E5B8099", "vulnerable": true}, {"criteria": "cpe:2.3:a:rubyonrails:ruby_on_rails:5.0.0:racecar1:*:*:*:*:*:*", "matchCriteriaId": "0B31291C-CBB5-4E51-B0AC-4144E8BAD65B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as \"HTML safe\" and used as attribute values in tag handlers."}, {"lang": "es", "value": "Vulnerabilidad de XSS en Action View en Ruby en Rails 3.x en versiones anteriores a 3.2.22.3, 4.x en versiones anteriores a 4.2.7.1 y 5.x en versiones anteriores a 5.0.0.1 podr\u00eda permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de texto declarado como \"HTML safe\" y utilizado como valores de atributos en los manejadores de etiquetas."}], "id": "CVE-2016-6316", "lastModified": "2023-11-07T02:33:58.203", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-09-07T19:28:10.067", "references": [{"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-1855.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-1856.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-1857.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-1858.html"}, {"source": "secalert@redhat.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2016/dsa-3651"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/08/11/3"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/92430"}, {"source": "secalert@redhat.com", "url": "https://groups.google.com/forum/#%21topic/ruby-security-ann/8B2iV2tPRSE"}, {"source": "secalert@redhat.com", "url": "https://puppet.com/security/cve/cve-2016-6316"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Ruby on Rails project for reporting this issue. Upstream acknowledges Andrew Carpenter (Critical Juncture) as the original reporter.", "affected_release": [{"advisory": "RHSA-2016:1856", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-ror41-rubygem-actionview-0:4.1.5-6.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2016-09-13T00:00:00Z"}, {"advisory": "RHSA-2016:1857", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "ror40-rubygem-actionpack-1:4.0.2-8.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2016-09-13T00:00:00Z"}, {"advisory": "RHSA-2016:1858", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "ruby193-rubygem-actionpack-1:3.2.8-20.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2016-09-13T00:00:00Z"}, {"advisory": "RHSA-2016:1856", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-ror41-rubygem-actionview-0:4.1.5-6.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2016-09-13T00:00:00Z"}, {"advisory": "RHSA-2016:1857", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "ror40-rubygem-actionpack-1:4.0.2-8.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2016-09-13T00:00:00Z"}, {"advisory": "RHSA-2016:1858", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "ruby193-rubygem-actionpack-1:3.2.8-20.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2016-09-13T00:00:00Z"}, {"advisory": "RHSA-2016:1856", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "rh-ror41-rubygem-actionview-0:4.1.5-6.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2016-09-13T00:00:00Z"}, {"advisory": "RHSA-2016:1857", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "ror40-rubygem-actionpack-1:4.0.2-8.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2016-09-13T00:00:00Z"}, {"advisory": "RHSA-2016:1858", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el6", "package": "ruby193-rubygem-actionpack-1:3.2.8-20.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS", "release_date": "2016-09-13T00:00:00Z"}, {"advisory": "RHSA-2016:1855", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-ror42-rubygem-actionpack-1:4.2.6-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2016-09-13T00:00:00Z"}, {"advisory": "RHSA-2016:1855", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-ror42-rubygem-actionview-0:4.2.6-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2016-09-13T00:00:00Z"}, {"advisory": "RHSA-2016:1855", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-ror42-rubygem-activerecord-1:4.2.6-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2016-09-13T00:00:00Z"}, {"advisory": "RHSA-2016:1856", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-ror41-rubygem-actionview-0:4.1.5-6.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2016-09-13T00:00:00Z"}, {"advisory": "RHSA-2016:1857", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "ror40-rubygem-actionpack-1:4.0.2-8.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2016-09-13T00:00:00Z"}, {"advisory": "RHSA-2016:1858", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "ruby193-rubygem-actionpack-1:3.2.8-20.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2016-09-13T00:00:00Z"}, {"advisory": "RHSA-2016:1855", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-ror42-rubygem-actionpack-1:4.2.6-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS", "release_date": "2016-09-13T00:00:00Z"}, {"advisory": "RHSA-2016:1855", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-ror42-rubygem-actionview-0:4.2.6-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS", "release_date": "2016-09-13T00:00:00Z"}, {"advisory": "RHSA-2016:1855", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-ror42-rubygem-activerecord-1:4.2.6-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS", "release_date": "2016-09-13T00:00:00Z"}, {"advisory": "RHSA-2016:1856", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-ror41-rubygem-actionview-0:4.1.5-6.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS", "release_date": "2016-09-13T00:00:00Z"}, {"advisory": "RHSA-2016:1857", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "ror40-rubygem-actionpack-1:4.0.2-8.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS", "release_date": "2016-09-13T00:00:00Z"}, {"advisory": "RHSA-2016:1858", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "ruby193-rubygem-actionpack-1:3.2.8-20.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS", "release_date": "2016-09-13T00:00:00Z"}, {"advisory": "RHSA-2016:1855", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-ror42-rubygem-actionpack-1:4.2.6-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2016-09-13T00:00:00Z"}, {"advisory": "RHSA-2016:1855", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-ror42-rubygem-actionview-0:4.2.6-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2016-09-13T00:00:00Z"}, {"advisory": "RHSA-2016:1855", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-ror42-rubygem-activerecord-1:4.2.6-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2016-09-13T00:00:00Z"}, {"advisory": "RHSA-2016:1856", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "rh-ror41-rubygem-actionview-0:4.1.5-6.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2016-09-13T00:00:00Z"}, {"advisory": "RHSA-2016:1857", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "ror40-rubygem-actionpack-1:4.0.2-8.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2016-09-13T00:00:00Z"}, {"advisory": "RHSA-2016:1858", "cpe": "cpe:/a:redhat:rhel_software_collections:2::el7", "package": "ruby193-rubygem-actionpack-1:3.2.8-20.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS", "release_date": "2016-09-13T00:00:00Z"}], "bugzilla": {"description": "rubygem-actionview: cross-site scripting flaw in Action View", "id": "1365008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1365008"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status": "verified"}, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-79", "details": ["Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as \"HTML safe\" and used as attribute values in tag handlers.", "It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting (XSS) attack."], "name": "CVE-2016-6316", "package_state": [{"cpe": "cpe:/a:rhel_sam:1", "fix_state": "Affected", "package_name": "ruby193-rubygem-actionpack", "product_name": "Red Hat Subscription Asset Manager"}], "public_date": "2016-08-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-6316\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-6316\nhttps://groups.google.com/forum/#!msg/rubyonrails-security/I-VWr034ouk/gGu2FrCwDAAJ"], "threat_severity": "Moderate", "upstream_fix": "rubygem-actionpack 3.2.22.3, rubygem-actionview 5.0.0.1, rubygem-actionview 4.2.7.1"}