Ruby


By DeepSource

Project's Rails & i18n gem versions are vulnerable to cross-site scripting (XSS) RB-A1007

Security

The internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted string that triggers generation of a fallback string by the i18n gem. Upgrading to Rails 3.2.16 or 4.0.2 (or later) together with a patched i18n gem fixes this issue.
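As an added illustration (not the Rails or i18n gem's own code), the pattern behind this advisory shown beside a hardened form: a translation-missing fallback that interpolates the raw lookup key into markup the view treats as already-safe HTML, versus one that escapes the key first. The translation table, keys and helper names are constructed for this example.

```ruby
require "cgi"

# Constructed sample translation table; in a Rails app this comes from locale files.
TRANSLATIONS = {
  "users.title" => "Users",
  "users.empty" => "No users yet"
}.freeze

# Look up a key; when it is missing, build a fallback string with the given builder.
def translate(key, builder)
  TRANSLATIONS.fetch(key) { builder.call(key) }
end

# Vulnerable pattern (simplified stand-in, not the gem's code): the raw key is
# interpolated into the fallback markup, which the view layer then renders as
# already-safe HTML. A key containing tags therefore reaches the page as markup.
def fallback_unsafe(key)
  label = key.split(".").last
  "<span class=\"translation_missing\" title=\"translation missing: #{key}\">#{label}</span>"
end

# Hardened pattern: escape every key-derived fragment before it enters the
# markup, so the wrapper span is the only HTML the fallback can contribute.
def fallback_safe(key)
  label = CGI.escapeHTML(key.split(".").last)
  "<span class=\"translation_missing\" title=\"translation missing: #{CGI.escapeHTML(key)}\">#{label}</span>"
end

# Defender-side check suitable for a view test: the only tag names present in a
# rendered fallback must be the wrapper span itself.
def only_wrapper_tags?(html)
  html.scan(/<\/?([a-zA-Z][\w-]*)/).flatten.all? { |tag| tag == "span" }
end

if __FILE__ == $0
  key = "users.<b>missing</b>" # constructed key carrying embedded markup
  puts "unsafe: #{fallback_unsafe(key)}"
  puts "safe:   #{fallback_safe(key)}"
  puts "only wrapper tags in safe output? #{only_wrapper_tags?(fallback_safe(key))}"
end
```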

References

  1. CVE-2013-4491 - Rails Security Group
  2. CVE-2013-4491 - GitHub Advisory Database
  3. OWASP Top 10 - A7 - Cross Site Scripting (XSS)
  4. OWASP Top 10 - A9 - Using Components With Known Vulnerabilities