Bug 1365008 (CVE-2016-6316) - CVE-2016-6316 rubygem-actionview: cross-site scripting flaw in Action View
Summary: CVE-2016-6316 rubygem-actionview: cross-site scripting flaw in Action View
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2016-6316
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1366480 1367062 1367063 1367064 1367065 1367066 1367067 1367068 1367069 1381410
Blocks: 1365019
TreeView+ depends on / blocked
 
Reported: 2016-08-08 11:08 UTC by Martin Prpič
Modified: 2019-09-29 13:54 UTC (History)
18 users (show)

Fixed In Version: rubygem-actionview 5.0.0.1, rubygem-actionview 4.2.7.1, rubygem-actionpack 3.2.22.3
Doc Type: If docs needed, set a value
Doc Text:
It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting (XSS) attack.
Clone Of:
Environment:
Last Closed: 2016-09-13 11:19:06 UTC


Attachments (Terms of Use)
3-2-attribute-xss.patch (3.13 KB, text/plain)
2016-08-08 11:09 UTC, Martin Prpič
no flags Details
4-2-attribute-xss.patch (2.17 KB, text/plain)
2016-08-08 11:09 UTC, Martin Prpič
no flags Details
5-0-attribute-xss.patch (2.51 KB, text/plain)
2016-08-08 11:09 UTC, Martin Prpič
no flags Details


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:1855 normal SHIPPED_LIVE Moderate: rh-ror42 security update 2016-09-13 15:09:39 UTC
Red Hat Product Errata RHSA-2016:1856 normal SHIPPED_LIVE Moderate: rh-ror41-rubygem-actionview security update 2016-09-13 15:08:25 UTC
Red Hat Product Errata RHSA-2016:1857 normal SHIPPED_LIVE Moderate: ror40-rubygem-actionpack security update 2016-09-13 15:07:09 UTC
Red Hat Product Errata RHSA-2016:1858 normal SHIPPED_LIVE Moderate: ruby193-rubygem-actionpack security update 2016-09-13 15:05:54 UTC

Description Martin Prpič 2016-08-08 11:08:37 UTC
A cross-site scripting flaw was found in Action View. Text declared as "HTML safe" will not have quotes escaped when used as attribute values in tag helpers.

Comment 1 Martin Prpič 2016-08-08 11:08:43 UTC
Acknowledgments:

Name: the Ruby on Rails project
Upstream: Andrew Carpenter (Critical Juncture)

Comment 2 Martin Prpič 2016-08-08 11:09:27 UTC
Created attachment 1188633 [details]
3-2-attribute-xss.patch

Comment 3 Martin Prpič 2016-08-08 11:09:30 UTC
Created attachment 1188634 [details]
4-2-attribute-xss.patch

Comment 4 Martin Prpič 2016-08-08 11:09:33 UTC
Created attachment 1188635 [details]
5-0-attribute-xss.patch

Comment 6 Martin Prpič 2016-08-12 06:01:18 UTC
Created rubygem-actionview tracking bugs for this issue:

Affects: fedora-all [bug 1366480]

Comment 7 Martin Prpič 2016-08-12 06:01:48 UTC
External References:

https://groups.google.com/forum/#!msg/rubyonrails-security/I-VWr034ouk/gGu2FrCwDAAJ

Comment 16 errata-xmlrpc 2016-09-13 11:11:04 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS

Via RHSA-2016:1858 https://rhn.redhat.com/errata/RHSA-2016-1858.html

Comment 17 errata-xmlrpc 2016-09-13 11:11:28 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS

Via RHSA-2016:1857 https://rhn.redhat.com/errata/RHSA-2016-1857.html

Comment 18 errata-xmlrpc 2016-09-13 11:11:51 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6
  Red Hat Software Collections for Red Hat Enterprise Linux 6.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS

Via RHSA-2016:1856 https://rhn.redhat.com/errata/RHSA-2016-1856.html

Comment 19 errata-xmlrpc 2016-09-13 11:12:15 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.1 EUS

Via RHSA-2016:1855 https://rhn.redhat.com/errata/RHSA-2016-1855.html


Note You need to log in before you can comment on or make changes to this bug.