Skip to content

Commit bbb6603

Browse files
advisory-database[bot]advisory-database[bot]
committed
1 parent ffb0ea5 commit bbb6603

File tree

1 file changed

+10
-24
lines changed

1 file changed

+10
-24
lines changed

advisories/github-reviewed/2017/10/GHSA-vxvp-4xwc-jpp6/GHSA-vxvp-4xwc-jpp6.json

Lines changed: 10 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -1,37 +1,15 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-vxvp-4xwc-jpp6",
4-
"modified": "2023-01-23T18:04:55Z",
4+
"modified": "2025-11-04T20:42:18Z",
55
"published": "2017-10-24T18:33:36Z",
66
"aliases": [
77
"CVE-2015-3226"
88
],
99
"summary": "activesupport Cross-site Scripting vulnerability",
10-
"details": "Cross-site scripting (XSS) vulnerability in `json/encoding.rb` in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding.",
10+
"details": "Cross-site scripting (XSS) vulnerability in `json/encoding.rb` in Active Support in Ruby on Rails 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding.",
1111
"severity": [],
1212
"affected": [
13-
{
14-
"package": {
15-
"ecosystem": "RubyGems",
16-
"name": "activesupport"
17-
},
18-
"ranges": [
19-
{
20-
"type": "ECOSYSTEM",
21-
"events": [
22-
{
23-
"introduced": "3.0.0"
24-
},
25-
{
26-
"fixed": "3.2.22.5"
27-
}
28-
]
29-
}
30-
],
31-
"database_specific": {
32-
"last_known_affected_version_range": "<= 3.2.22.4"
33-
}
34-
},
3513
{
3614
"package": {
3715
"ecosystem": "RubyGems",
@@ -76,10 +54,18 @@
7654
"type": "ADVISORY",
7755
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3226"
7856
},
57+
{
58+
"type": "PACKAGE",
59+
"url": "https://github.com/rails/rails"
60+
},
7961
{
8062
"type": "WEB",
8163
"url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/7VlB_pck3hU/3QZrGIaQW6cJ"
8264
},
65+
{
66+
"type": "WEB",
67+
"url": "https://groups.google.com/g/rubyonrails-core/c/qBUqVlXERag/m/kuH3wQk1kxUJ"
68+
},
8369
{
8470
"type": "WEB",
8571
"url": "https://web.archive.org/web/20200228033946/http://www.securityfocus.com/bid/75231"

0 commit comments

Comments
 (0)