CVE-2013-6459: XSS vulnerabiliy in generated pagination links

December 31, 2013 (updated February 22, 2018)

The package will_paginate generate pagination links without escaping result. If user-controlled data is sent to will_paginate, there is a potential XSS vulnerability.

References

groups.google.com/forum/

Detect and mitigate CVE-2013-6459 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →