Red Hat Security Advisory 2014-0306-01 - Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. It was found that several number conversion helpers in Action View did not properly escape all their parameters. An attacker could use these flaws to perform a cross-site scripting attack on an application that uses data submitted by a user as parameters to the affected helpers. A memory consumption issue was discovered in the text rendering component of Action View. A remote attacker could use this flaw to perform a denial of service attack by sending specially crafted queries that would result in the creation of Ruby symbols that were never garbage collected.
02f09d4cf6f96ffbeda49c48f45c7f2280fc213cb2f9bb62c8f9cae21fd9ca14
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed