Bug 731436 (CVE-2011-2931)

Summary: CVE-2011-2931 rubygem-actionpack: XSS vulnerability in strip_tags helper (Ruby on Rails)
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: bkearney, clalance, lutter, mastahnke, mhicks, mmorsi, mtasaka, sseago, vanmeeuwen+fedora, vondruch
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: rubygem-actionpack 2.3.13, rubygem-actionpack 3.0.10, rubygem-actionpack 3.1.0 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-01-16 09:50:04 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 677629, 731440, 731441, 731448    
Bug Blocks: 732542    

Description Vincent Danen 2011-08-17 16:40:19 UTC
An XSS vulnerability in the strip_tags helper in Ruby on Rails was reported
[1] where, using specially crafted output, an attacker can successfully inject HTML into the document, which can be used to inject arbitrary javascript into the rendered page.

This is corrected in upstream 3.0.10, 2.3.13, and 3.1.0rc5 versions.  Patches are available in the advisory [1] and in git [2].

[1] http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b9130749b74ea12
[2] https://github.com/rails/rails/commit/586a944ddd4d03e66dea1093306147594748037a

Comment 2 Vincent Danen 2011-08-17 17:22:49 UTC
This flaw is rubygem-actionpack, not rubygem-rails.

Comment 3 Vincent Danen 2011-08-17 17:26:15 UTC
Created rubygem-actionpack tracking bugs for this issue

Affects: fedora-all [bug 731448]
Affects: epel-5 [bug 677629]

Comment 5 Vincent Danen 2011-08-30 04:18:58 UTC
This issue has been assigned the name CVE-2011-2931: