Moderate severityNVD Advisory· Published Oct 19, 2021· Updated Aug 6, 2024
CVE-2011-1497
CVE-2011-1497
Description
A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
actionpackRubyGems | >= 3.0.0.rc, < 3.0.6 | 3.0.6 |
Affected products
2- Rails/Railsdescription
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-q58j-fmvf-9rq6ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2011-1497ghsaADVISORY
- github.com/rails/rails/blob/38df020c95beca7e12f0188cb7e18f3c37789e20/actionpack/CHANGELOGghsax_refsource_MISCWEB
- github.com/rails/rails/commit/61ee3449674c591747db95f9b3472c5c3bd9e84dghsaWEB
- github.com/rails/rails/commit/ab764ecbfea31a3b14323283287e2fc80955ace6ghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2011-1497.ymlghsaWEB
- www.openwall.com/lists/oss-security/2011/04/06/13ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.