A cross-site scripting flaw was found in Action View. Text declared as "HTML safe" will not have quotes escaped when used as attribute values in tag helpers.
Acknowledgments:

Name: the Ruby on Rails project
Upstream: Andrew Carpenter (Critical Juncture)
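To make the description above concrete, here is an added, self-contained Ruby sketch (not Rails code and not the upstream patch) of an attribute helper in the vulnerable shape beside one hardened the way the fix approaches it: a value marked "HTML safe" is still never allowed to carry a raw double quote into a quoted attribute. The SafeString class, the helper names and the sample input are constructed for this example.

```ruby
require "erb"

# Stand-in for ActiveSupport::SafeBuffer (constructed for this example,
# not Rails code): a String that claims it is already HTML-escaped.
class SafeString < String
  def html_safe?
    true
  end
end

# Same decision a tag helper makes: skip escaping for "HTML safe" values,
# escape everything else with the stdlib escaper.
def escape_unless_safe(value)
  if value.respond_to?(:html_safe?) && value.html_safe?
    value.to_s
  else
    ERB::Util.html_escape(value)
  end
end

# Vulnerable shape: the html_safe flag is trusted inside a quoted
# attribute, so a safe-marked value containing '"' ends the attribute
# and whatever follows becomes further attributes of the tag.
def tag_option_vulnerable(key, value)
  %(#{key}="#{escape_unless_safe(value)}")
end

# Hardened shape, following the approach of the upstream fix: being
# html_safe says nothing about the attribute-value context, so '"' is
# always replaced by &quot; after the escaping decision has been made.
def tag_option_fixed(key, value)
  %(#{key}="#{escape_unless_safe(value).gsub('"', "&quot;")}")
end

# Render a start tag from an options hash with either helper.
def render_tag(name, options, fixed: true)
  attrs = options.map do |key, value|
    fixed ? tag_option_fixed(key, value) : tag_option_vulnerable(key, value)
  end
  "<#{name} #{attrs.join(' ')}>"
end

if __FILE__ == $PROGRAM_NAME
  # Constructed input: an attacker-influenced value that some view marked
  # as html_safe. The breakout here only injects a harmless extra attribute.
  value = SafeString.new('x" data-injected="1')
  puts render_tag("a", { href: "/", title: value }, fixed: false)
  puts render_tag("a", { href: "/", title: value }, fixed: true)
end
```

Note that the hardened helper still leaves safe-marked markup such as `<b>` untouched; only the quote that would end the attribute is neutralised, which is exactly the gap the description points at.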
Created attachment 1188633: 3-2-attribute-xss.patch
Created attachment 1188634: 4-2-attribute-xss.patch
Created attachment 1188635: 5-0-attribute-xss.patch
Created rubygem-actionview tracking bugs for this issue: Affects: fedora-all [bug 1366480]
External References: https://groups.google.com/forum/#!msg/rubyonrails-security/I-VWr034ouk/gGu2FrCwDAAJ
The original patch was reported to be faulty:

http://seclists.org/oss-sec/2016/q3/263

Correct patches for this issue:

https://github.com/rails/rails/commit/4bcccf5ecd81a6272479537911b7d9760c5be164
https://github.com/rails/rails/commit/5aabcf25caefbe84f656256a9d3e7fc0c9e14ecc
(In reply to Martin Prpic from comment #8)
> The original patch was reported to be faulty:
>
> http://seclists.org/oss-sec/2016/q3/263

Note that the problem only affected patches against 3.2. Additionally, another problem was found that affected other versions as well. The issue is mentioned here:

https://github.com/rails/rails/commit/4bcccf5e#commitcomment-18616328

Upstream pull requests with fix:

https://github.com/rails/rails/pull/26131
https://github.com/rails/rails/pull/26133

So the correct set of patches should be:

5.0:
https://github.com/rails/rails/commit/8f544bc447612924a50c37ead085a0ea4c217439
https://github.com/rails/rails/commit/d40e5f0033329f8269c97d9480749a92817a2968

4.2:
https://github.com/rails/rails/commit/f05af91c68debc0230c302aa9031a253f8786b87
https://github.com/rails/rails/commit/2bcb88c9ce7d6fb1f158f54918eb7f936bd33ce9

3.2:
https://github.com/rails/rails/commit/4bcccf5ecd81a6272479537911b7d9760c5be164
https://github.com/rails/rails/commit/5aabcf25caefbe84f656256a9d3e7fc0c9e14ecc
https://github.com/rails/rails/commit/efd59ab38231eca1084e85aa990321599308757f
This issue has been addressed in the following products:

Red Hat Software Collections for Red Hat Enterprise Linux 7
Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 6
Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS

Via RHSA-2016:1858 https://rhn.redhat.com/errata/RHSA-2016-1858.html

This issue has been addressed in the following products:

Red Hat Software Collections for Red Hat Enterprise Linux 6
Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7
Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS

Via RHSA-2016:1857 https://rhn.redhat.com/errata/RHSA-2016-1857.html

This issue has been addressed in the following products:

Red Hat Software Collections for Red Hat Enterprise Linux 7
Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 6
Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS

Via RHSA-2016:1856 https://rhn.redhat.com/errata/RHSA-2016-1856.html

This issue has been addressed in the following products:

Red Hat Software Collections for Red Hat Enterprise Linux 7
Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS

Via RHSA-2016:1855 https://rhn.redhat.com/errata/RHSA-2016-1855.html