CVE-2011-2197
Description
The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x before 2.3.12, 3.0.x before 3.0.8, and 3.1.x before 3.1.0.rc2 does not properly handle mutation of safe buffers, which makes it easier for remote attackers to conduct XSS attacks via crafted strings to an application that uses a problematic string method, as demonstrated by the sub method. In the affected versions, calling a string-mutating method such as `sub` on a buffer already marked html-safe could yield a result that was still treated as safe, so attacker-controlled content introduced by the call was rendered without escaping; the linked fix commits change these methods so their result is no longer treated as safe.
Mitigations
Upgrade to a fixed release: 2.3.12 for the Rails 2.x series (actionpack and activesupport), 3.0.8 for 3.0.x, or 3.1.0.rc2 for 3.1.x. Until the upgrade is deployed, review views and helpers that call string methods such as `sub` on html-safe buffers, since their output is rendered without escaping in the affected versions.
- Vendor advisory (debian): https://security-tracker.debian.org/tracker/CVE-2011-2197
- Vendor advisory (secalert@redhat.com): http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications
- Vendor advisory (secalert@redhat.com): http://secunia.com/advisories/44789
- Vendor advisory (secalert@redhat.com): http://openwall.com/lists/oss-security/2011/06/13/9
- Vendor advisory (secalert@redhat.com): http://openwall.com/lists/oss-security/2011/06/09/2
- Vendor advisory (secalert@redhat.com): http://groups.google.com/group/rubyonrails-security/msg/663b600d4471e0d4?dmode=source&output=gplain
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 0 |
| debian | bullseye | fixed | 0 |
| debian | forky | fixed | 0 |
| debian | sid | fixed | 0 |
| debian | trixie | fixed | 0 |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| RubyGems | actionpack | <~> 2.3.12 | ~> 2.3.12 |
| RubyGems | activesupport | <~> 2.3.12 | ~> 2.3.12 |
| RubyGems | actionpack | >=2.0.0,<2.3.12 | 2.3.12 |
| RubyGems | actionpack | >=3.0.0,<3.0.8 | 3.0.8 |
| RubyGems | activesupport | >=2.0.0,<2.3.12 | 2.3.12 |
| RubyGems | activesupport | >=3.0.0,<3.0.8 | 3.0.8 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| rubyonrails | rails | 2.0.0 | |
| rubyonrails | rails | 2.0.1 | |
| rubyonrails | rails | 2.0.2 | |
| rubyonrails | rails | 2.0.4 | |
| rubyonrails | rails | 2.1.0 | |
| rubyonrails | rails | 2.1.1 | |
| rubyonrails | rails | 2.1.2 | |
| rubyonrails | rails | 2.2.0 | |
| rubyonrails | rails | 2.2.1 | |
| rubyonrails | rails | 2.2.2 | |
| rubyonrails | rails | 2.3.2 | |
| rubyonrails | rails | 2.3.3 | |
| rubyonrails | rails | 2.3.4 | |
| rubyonrails | rails | 2.3.9 | |
| rubyonrails | rails | 2.3.10 | |
| rubyonrails | rails | 2.3.11 | |
| rubyonrails | rails | 3.0.0 | |
| rubyonrails | rails | 3.0.1 | |
| rubyonrails | rails | 3.0.2 | |
| rubyonrails | rails | 3.0.3 | |
| rubyonrails | rails | 3.0.4 | |
| rubyonrails | rails | 3.0.5 | |
| rubyonrails | rails | 3.0.6 | |
| rubyonrails | rails | 3.0.7 | |
| rubyonrails | rails | 3.0.8 | |
| rubyonrails | ruby_on_rails | 3.0.4 | |
| rubyonrails | rails | 3.1.0 | |
References
- http://weblog.rubyonrails.org/2011/6/8/potential-xss-vulnerability-in-ruby-on-rails-applications
- http://groups.google.com/group/rubyonrails-security/msg/663b600d4471e0d4?dmode=source&output=gplain
- http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062514.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-June/062090.html
- http://openwall.com/lists/oss-security/2011/06/09/2
- http://openwall.com/lists/oss-security/2011/06/13/9
- http://secunia.com/advisories/44789
- https://nvd.nist.gov/vuln/detail/CVE-2011-2197
- https://github.com/rails/rails/commit/53a2c0baf2b128dd4808eca313256f6f4bb8c4cd
- https://github.com/rails/rails/commit/ed3796434af6069ced6a641293cf88eef3b284da
- https://gist.github.com/NZKoz/b2ceb626fc2bcdfe497f
- https://github.com/rails/rails
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2197.yml
- https://security-tracker.debian.org/tracker/CVE-2011-2197
CWEs
CWE-79