Bug 1232310 (CVE-2015-3226)
| Field | Value |
|---|---|
| Summary | CVE-2015-3226 rubygem-activesupport: XSS Vulnerability in ActiveSupport::JSON.encode |
| Product | [Other] Security Response |
| Reporter | Vasyl Kaigorodov <vkaigoro> |
| Component | vulnerability |
| Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED WONTFIX |
| QA Contact | |
| Severity | medium |
| Docs Contact | |
| Priority | medium |
| Version | unspecified |
| CC | apatters, bkearney, carnil, cbillett, ccoleman, dajohnso, dclarizi, dmcphers, gmccullo, jhardy, jialiu, joelsmith, jokerman, jorton, jprause, jrafanie, jrusnack, jvlcek, kseifried, lmeyer, mmaslano, mmccomas, obarenbo, security-response-team, tomckay, vondruch, xlecauch |
| Target Milestone | --- |
| Keywords | Security |
| Target Release | --- |
| Hardware | All |
| OS | Linux |
| Whiteboard | |
| Fixed In Version | rubygem-activesupport-4.2.2, rubygem-activesupport-4.1.11 |
| Doc Type | Bug Fix |
| Doc Text | |
| Story Points | --- |
| Clone Of | |
| Environment | |
| Last Closed | 2015-07-31 12:52:54 UTC |
| Type | --- |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| CRM | |
| Verified Versions | |
| Category | --- |
| oVirt Team | --- |
| RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- |
| Target Upstream Version | |
| Embargoed | |
| Bug Depends On | 1249055, 1249056, 1249057, 1249059, 1249060 |
| Bug Blocks | 1232306, 1232311 |
| Attachments | |
Description
Vasyl Kaigorodov, 2015-06-16 13:11:33 UTC

This is now public: http://seclists.org/oss-sec/2015/q2/732

Created attachment 1058043: Patch for ActiveSupport 4.1
Created attachment 1058044: Patch for ActiveSupport 4.2

Created rubygem-activesupport tracking bugs for this issue:
Affects: fedora-all [bug 1249055]
Affects: epel-all [bug 1249056]