
List:       oss-security
Subject:    Re: [oss-security] CVE Request: rubygem-will_paginate XSS vulnerabilities
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2013-12-27 4:28:31
Message-ID: 52BD01EF.3090108 () redhat ! com

On 12/26/2013 12:43 PM, Ratul Gupta wrote:
> Hello,
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1046642
> 
> Cross-Site Scripting (XSS) vulnerabilities were found in the
> will_paginate gem for Ruby, where certain input related to
> generated pagination links was not properly sanitised before being
> returned. This could be exploited to execute arbitrary HTML and
> script code in a user's browser session in the context of an affected
> site.
> 
> Can a CVE please be assigned to this issue?

Please use CVE-2013-6459 for this issue.

References:
https://bugs.gentoo.org/show_bug.cgi?id=495220

Original Advisory:
https://github.com/mislav/will_paginate/releases/tag/v3.0.5

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
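The bug class described in the quoted report, as an added example that is not part of the original mail and not will_paginate's own code: a minimal pagination-link builder that reflects request parameters into generated HTML. The function names, the "/items" path and the sample parameters are all constructed for illustration. The unsafe variant interpolates attacker-controlled query values straight into an href attribute; the hardened variant URL-encodes the query string and HTML-escapes the attribute value before emitting the tag.

```ruby
require "cgi"
require "uri"

# Added illustration (hypothetical helper, not will_paginate's code).
#
# VULNERABLE: request parameters (attacker-controlled) are interpolated into
# the href attribute with no escaping, so a crafted parameter value can close
# the attribute and inject arbitrary markup into the pagination link.
def page_link_unsafe(path, params, page)
  query = params.merge("page" => page).map { |k, v| "#{k}=#{v}" }.join("&")
  %(<a href="#{path}?#{query}">#{page}</a>)
end

# HARDENED: URL-encode every key/value when building the query string, then
# HTML-escape the whole attribute value before it is placed in the tag.
# Each encoding step targets the context the data is entering (URL, then
# HTML attribute), which is what "sanitising before returning" means here.
def page_link_safe(path, params, page)
  query = URI.encode_www_form(params.merge("page" => page))
  href  = CGI.escapeHTML("#{path}?#{query}")
  %(<a href="#{href}">#{CGI.escapeHTML(page.to_s)}</a>)
end

# Constructed sample request parameters (hypothetical): a "search term" that
# breaks out of the href attribute and injects a script element.
EVIL_PARAMS = { "q" => %(x"><script>alert(1)</script><a href=") }.freeze

# Simple detector used to compare the two builders: does the emitted HTML
# contain a raw <script> tag that the template never wrote itself?
def injects_script?(html)
  html.include?("<script>")
end

if __FILE__ == $PROGRAM_NAME
  puts page_link_unsafe("/items", EVIL_PARAMS, 2)
  puts page_link_safe("/items", EVIL_PARAMS, 2)
end
```

Running the file prints both links: the unsafe one carries a live `<script>` element inside the anchor, while the safe one keeps the payload as inert percent-encoded text in the query string and still links to page 2.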
