Merge pull request #6383 from github/tjuyuxinzhang-GHSA-vxvp-4xwc-jpp6

advisory-database[bot] · web-flow · commit f985c147d953 · 2025-11-04T20:42:19.000Z
diff --git a/advisories/github-reviewed/2017/10/GHSA-vxvp-4xwc-jpp6/GHSA-vxvp-4xwc-jpp6.json b/advisories/github-reviewed/2017/10/GHSA-vxvp-4xwc-jpp6/GHSA-vxvp-4xwc-jpp6.json
@@ -1,37 +1,15 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vxvp-4xwc-jpp6",
-  "modified": "2023-01-23T18:04:55Z",
+  "modified": "2023-11-10T05:06:13Z",
   "published": "2017-10-24T18:33:36Z",
   "aliases": [
     "CVE-2015-3226"
   ],
   "summary": "activesupport Cross-site Scripting vulnerability",
-  "details": "Cross-site scripting (XSS) vulnerability in `json/encoding.rb` in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding.",
+  "details": "Cross-site scripting (XSS) vulnerability in `json/encoding.rb` in Active Support in Ruby on Rails 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding.",
   "severity": [],
   "affected": [
-    {
-      "package": {
-        "ecosystem": "RubyGems",
-        "name": "activesupport"
-      },
-      "ranges": [
-        {
-          "type": "ECOSYSTEM",
-          "events": [
-            {
-              "introduced": "3.0.0"
-            },
-            {
-              "fixed": "3.2.22.5"
-            }
-          ]
-        }
-      ],
-      "database_specific": {
-        "last_known_affected_version_range": "<= 3.2.22.4"
-      }
-    },
     {
       "package": {
         "ecosystem": "RubyGems",
@@ -76,6 +54,10 @@
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3226"
     },
+    {
+      "type": "WEB",
+      "url": "https://groups.google.com/forum/#!searchin/rubyonrails-core/CVE-2015-3226/rubyonrails-core/qBUqVlXERag/kuH3wQk1kxUJ"
+    },
     {
       "type": "WEB",
       "url": "https://groups.google.com/forum/message/raw?msg=rubyonrails-security/7VlB_pck3hU/3QZrGIaQW6cJ"
@@ -92,6 +74,10 @@
       "type": "WEB",
       "url": "http://openwall.com/lists/oss-security/2015/06/16/17"
     },
+    {
+      "type": "WEB",
+      "url": "http://rubysec.com/advisories/CVE-2015-3226"
+    },
     {
       "type": "WEB",
       "url": "http://www.debian.org/security/2016/dsa-3464"
