CVE-2011-1497

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in gem/rails

Identifiers

GHSA-q58j-fmvf-9rq6, CVE-2011-1497

Package Slug

gem/rails

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6.

Affected Versions

All versions before 3.0.6

Solution

Upgrade to version 3.0.6 or above.

Last Modified

2022-06-19

source