Vulnerability Information
The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a &#x3a; sequence.
Vulnerability
Ruby on Rails 'Action Pack' Component Cross-Site Scripting Vulnerability
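Vulnerability Information
Ruby on Rails (Rails) is an open-source web application framework based on the Ruby language, developed and maintained by the Rails core team. It was extracted by David Heinemeier Hansson from Basecamp, the project management tool of the US company 37signals. In Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13, the sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component contains a vulnerability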