CERTA-2011-AVI-339

Vulnerability from certfr_avis - Published: 2011-06-14 - Updated: 2011-06-14

Une vulnérabilité de type injection de code indirecte à distance (XSS) a été identifiée dans Ruby on Rails.

Description

Ruby on Rails utilise un mécanisme de prévention des XSS en protégeant les chaînes de caractères présentées au client avant de les marquer comme étant html safe. Une vulnérabilité dans ce mécanisme permet de créer une chaîne html safe alors que celle ci n'a pas été protégée, ce qui permet de provoquer une injection de code indirecte à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Ruby on Rails Ruby on Rails Ruby on Rails 3.0.x ;
Ruby on Rails Ruby on Rails Ruby on Rails 2.3.x
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Ruby on Rails 3.0.x ;",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    },
    {
      "description": "Ruby on Rails 2.3.x",
      "product": {
        "name": "Ruby on Rails",
        "vendor": {
          "name": "Ruby on Rails",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nRuby on Rails utilise un m\u00e9canisme de pr\u00e9vention des XSS en prot\u00e9geant\nles cha\u00eenes de caract\u00e8res pr\u00e9sent\u00e9es au client avant de les marquer\ncomme \u00e9tant html safe. Une vuln\u00e9rabilit\u00e9 dans ce m\u00e9canisme permet de\ncr\u00e9er une cha\u00eene html safe alors que celle ci n\u0027a pas \u00e9t\u00e9 prot\u00e9g\u00e9e, ce\nqui permet de provoquer une injection de code indirecte \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2011-06-14T00:00:00",
  "last_revision_date": "2011-06-14T00:00:00",
  "links": [
    {
      "title": "Notes des versions 2.3.12, 3.0.8 et 3.1.0.rc2 de Ruby on    Rails du 08 juin 2011 :",
      "url": "http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications"
    }
  ],
  "reference": "CERTA-2011-AVI-339",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-06-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 de type injection de code indirecte \u00e0 distance (\u003cspan\nclass=\"textit\"\u003eXSS\u003c/span\u003e) a \u00e9t\u00e9 identifi\u00e9e dans Ruby on Rails.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Ruby on Rails",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Notes des versions 2.3.12, 3.0.8 et 3.1.0.rc2 de Ruby on Rails du 08 juin 2011",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.