Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Rails has a possible XSS vulnerability in its Action Pack debug exceptions
Vulnerability Description
Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A carefully crafted exception message could inject arbitrary HTML and JavaScript into the page, leading to XSS. This affects applications with detailed exception pages enabled (`config.consider_all_requests_local = true`), which is the default in development. Version 8.1.2.1 contains a patch.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Rails Action Pack 跨站脚本漏洞
Vulnerability Description
Rails Action Pack是美国Rails团队的一个web框架。提供了路由机制(将请求URL映射到动作),定义实现动作的控制器以及通过渲染视图(各种格式的模板)生成响应的机制。 Rails Action Pack 8.1.2.1之前版本存在跨站脚本漏洞,该漏洞源于调试异常页面未正确转义异常消息,可能导致精心构造的异常消息注入任意HTML和JavaScript,造成跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A