|Description||The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a : sequence.|
|Source||CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)|
|NVD severity||medium (attack range: remote, user-initiated)|
Vulnerable and fixed packages
The table below lists information on source packages.
|rails (PTS)||squeeze, squeeze (security)||2.3.5-1.2+squeeze8||fixed|
|jessie, stretch, sid||2:4.1.8-1||fixed|
|ruby-actionpack-3.2 (PTS)||wheezy, wheezy (security)||3.2.6-6+deb7u2||fixed|
The information below is based on the following data on fixed versions.
Starting with 22.214.171.124 rails is a transition package