CVE-2016-6316
medium
CVSS v3
6.1
CVSS v2
4.3
VIR risk
6.1
Description
Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers.
Predictions
Exploit likelihood
71%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2016-6316
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2016-6316.html
Vendor advisory: secalert@redhat.com — http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | | |
| debian | 8.0 | affected | |
| debian | bookworm | fixed | 2:4.2.7.1-1 |
| debian | bullseye | fixed | 2:4.2.7.1-1 |
| debian | forky | fixed | 2:4.2.7.1-1 |
| debian | sid | fixed | 2:4.2.7.1-1 |
| debian | trixie | fixed | 2:4.2.7.1-1 |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| RubyGems | actionpack | !< 3.0.0,!>= 4.1.0||<~> 3.2.22.3 | ~> 3.2.22.3 |
| RubyGems | actionview | !< 3.0.0||<~> 4.2.7.1 | ~> 4.2.7.1 |
| RubyGems | actionview | >=3.0.0,<3.2.22.3 | 3.2.22.3 |
| RubyGems | actionview | >=4.0.0,<4.2.7.1 | 4.2.7.1 |
| RubyGems | actionview | >=5.0.0,<5.0.0.1 | 5.0.0.1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| rubyonrails | rails | 3.0.0 | |
| rubyonrails | rails | 3.0.1 | |
| rubyonrails | rails | 3.0.2 | |
| rubyonrails | rails | 3.0.3 | |
| rubyonrails | rails | 3.0.4 | |
| rubyonrails | rails | 3.0.5 | |
| rubyonrails | rails | 3.0.6 | |
| rubyonrails | rails | 3.0.7 | |
| rubyonrails | rails | 3.0.8 | |
| rubyonrails | rails | 3.0.9 | |
| rubyonrails | rails | 3.0.10 | |
| rubyonrails | rails | 3.0.11 | |
| rubyonrails | rails | 3.0.12 | |
| rubyonrails | rails | 3.0.13 | |
| rubyonrails | rails | 3.0.14 | |
| rubyonrails | rails | 3.0.16 | |
| rubyonrails | rails | 3.0.17 | |
| rubyonrails | rails | 3.0.18 | |
| rubyonrails | rails | 3.0.19 | |
| rubyonrails | rails | 3.0.20 | |
| rubyonrails | rails | 3.1.0 | |
| rubyonrails | rails | 3.1.1 | |
| rubyonrails | rails | 3.1.2 | |
| rubyonrails | rails | 3.1.3 | |
| rubyonrails | rails | 3.1.4 | |
| rubyonrails | rails | 3.1.5 | |
| rubyonrails | rails | 3.1.6 | |
| rubyonrails | rails | 3.1.7 | |
| rubyonrails | rails | 3.1.8 | |
| rubyonrails | rails | 3.1.9 | |
| rubyonrails | rails | 3.1.10 | |
| rubyonrails | rails | 3.1.12 | |
| rubyonrails | rails | 3.2.0 | |
| rubyonrails | rails | 3.2.1 | |
| rubyonrails | rails | 3.2.2 | |
| rubyonrails | rails | 3.2.3 | |
| rubyonrails | rails | 3.2.4 | |
| rubyonrails | rails | 3.2.5 | |
| rubyonrails | rails | 3.2.6 | |
| rubyonrails | rails | 3.2.7 | |
| rubyonrails | rails | 3.2.8 | |
| rubyonrails | rails | 3.2.9 | |
| rubyonrails | rails | 3.2.10 | |
| rubyonrails | rails | 3.2.11 | |
| rubyonrails | rails | 3.2.12 | |
| rubyonrails | rails | 3.2.13 | |
| rubyonrails | rails | 3.2.15 | |
| rubyonrails | rails | 3.2.16 | |
| rubyonrails | rails | 3.2.17 | |
| rubyonrails | rails | 3.2.18 | |
| rubyonrails | rails | 3.2.21 | |
| rubyonrails | rails | 3.2.22.2 | |
| rubyonrails | rails | 4.0.0 | |
| rubyonrails | rails | 4.0.1 | |
| rubyonrails | rails | 4.0.2 | |
| rubyonrails | rails | 4.0.3 | |
| rubyonrails | rails | 4.0.4 | |
| rubyonrails | rails | 4.0.5 | |
| rubyonrails | rails | 4.0.6 | |
| rubyonrails | rails | 4.0.7 | |
| rubyonrails | rails | 4.0.8 | |
| rubyonrails | rails | 4.0.9 | |
| rubyonrails | rails | 4.0.10 | |
| rubyonrails | rails | 4.1.0 | |
| rubyonrails | rails | 4.1.1 | |
| rubyonrails | rails | 4.1.2 | |
| rubyonrails | rails | 4.1.3 | |
| rubyonrails | rails | 4.1.4 | |
| rubyonrails | rails | 4.1.5 | |
| rubyonrails | rails | 4.1.6 | |
| rubyonrails | rails | 4.1.7 | |
| rubyonrails | rails | 4.1.7.1 | |
| rubyonrails | rails | 4.1.8 | |
| rubyonrails | rails | 4.1.9 | |
| rubyonrails | rails | 4.1.10 | |
| rubyonrails | rails | 4.1.12 | |
| rubyonrails | rails | 4.1.13 | |
| rubyonrails | rails | 4.1.14 | |
| rubyonrails | rails | 4.1.14.2 | |
| rubyonrails | rails | 4.1.15 | |
| rubyonrails | rails | 4.1.16 | |
| rubyonrails | rails | 4.2.0 | |
| rubyonrails | rails | 4.2.1 | |
| rubyonrails | rails | 4.2.2 | |
| rubyonrails | rails | 4.2.3 | |
| rubyonrails | rails | 4.2.4 | |
| rubyonrails | rails | 4.2.5 | |
| rubyonrails | rails | 4.2.5.1 | |
| rubyonrails | rails | 4.2.5.2 | |
| rubyonrails | rails | 4.2.6 | |
| rubyonrails | rails | 4.2.7 | |
| rubyonrails | rails | 5.0.0 | |
| rubyonrails | ruby_on_rails | 3.0.4 | |
| rubyonrails | ruby_on_rails | 3.2.14 | |
| rubyonrails | ruby_on_rails | 3.2.15 | |
| rubyonrails | ruby_on_rails | 3.2.19 | |
| rubyonrails | ruby_on_rails | 3.2.20 | |
| rubyonrails | ruby_on_rails | 3.2.22 | |
| rubyonrails | ruby_on_rails | 3.2.22.1 | |
| rubyonrails | ruby_on_rails | 4.0.10 | |
| rubyonrails | ruby_on_rails | 4.0.11 | |
| rubyonrails | ruby_on_rails | 4.0.11.1 | |
| rubyonrails | ruby_on_rails | 4.0.12 | |
| rubyonrails | ruby_on_rails | 4.0.13 | |
| rubyonrails | ruby_on_rails | 4.1.11 | |
| rubyonrails | ruby_on_rails | 4.1.14.1 | |
| rubyonrails | ruby_on_rails | 5.0.0 | |
References
- https://groups.google.com/forum/#!topic/rubyonrails-security/I-VWr034ouk
- http://rhn.redhat.com/errata/RHSA-2016-1855.html
- http://rhn.redhat.com/errata/RHSA-2016-1856.html
- http://rhn.redhat.com/errata/RHSA-2016-1857.html
- http://rhn.redhat.com/errata/RHSA-2016-1858.html
- http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/
- http://www.debian.org/security/2016/dsa-3651
- http://www.openwall.com/lists/oss-security/2016/08/11/3
- http://www.securityfocus.com/bid/92430
- https://groups.google.com/forum/#%21topic/ruby-security-ann/8B2iV2tPRSE
- https://puppet.com/security/cve/cve-2016-6316
- https://www.suse.com/security/cve/CVE-2016-6316.html
- https://nvd.nist.gov/vuln/detail/CVE-2016-6316
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2016-6316.yml
- https://groups.google.com/forum/#!topic/ruby-security-ann/8B2iV2tPRSE
- https://web.archive.org/web/20200227202008/http://www.securityfocus.com/bid/92430
- https://web.archive.org/web/20200812154343/https://puppet.com/security/cve/cve-2016-6316
- http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released
- https://security-tracker.debian.org/tracker/CVE-2016-6316
CWEs
CWE-79
Verify integrity in audit chain (admin only). AS-IS.