
VUL-0: ruby on rails multiple vulnerabilities

This update of rails fixes the following security issues:

CVE-2011-2930 - SQL injection in the quote_table_name function via specially crafted column names (bnc#712062)
CVE-2011-2931 - Cross-Site Scripting (XSS) in the strip_tags helper (bnc#712057)
CVE-2011-3186 - Response Splitting (bnc#712058)
CVE-2010-3933 - Arbitrary modification of records via specially crafted form parameters (bnc#712058)
CVE-2011-0446 - Cross-Site Scripting (XSS) in the mail_to helper (bnc#668817)
CVE-2011-0447 - Improper validation of 'X-Requested-With' header (bnc#668817)
CVE-2011-0448 - SQL injection caused by improperly sanitized arguments to the limit function (bnc#668817)
CVE-2011-0449 - Bypass of access restrictions via specially crafted action names (bnc#668817)
