Source: rails
Version: 2:6.1.7+dfsg-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/rails/rails/issues/46244
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for rails.

CVE-2022-3704[0]:
| A vulnerability classified as problematic has been found in Ruby on
| Rails. This affects an unknown part of the file
| actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb.
| The manipulation leads to cross site scripting. It is possible to
| initiate the attack remotely. The name of the patch is
| be177e4566747b73ff63fd5f529fab564e475ed4. It is recommended to apply a
| patch to fix this issue. The associated identifier of this
| vulnerability is VDB-212319.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-3704
    https://www.cve.org/CVERecord?id=CVE-2022-3704
[1] https://github.com/rails/rails/issues/46244
[2] https://github.com/rails/rails/commit/be177e4566747b73ff63fd5f529fab564e475ed4

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
