Vulnerability category: CGI
Vulnerability severity:
Vulnerability information
Cross-site scripting (XSS) vulnerability in "json/encoding.rb" in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding.
Vulnerability impact
Successful exploitation could allow an attacker to execute arbitrary HTML and script code in a user's browser session under the context of the site. This may allow the attacker to access sensitive browser-based information such as authentication cookies and recently submitted data.
Solution
Update to the patched versions
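To find out whether a project needs this update, the following added example (not part of the original advisory or of Rails itself) reads the resolved activesupport version from a Gemfile.lock and tests it against the affected ranges stated above. The lockfile excerpt and the helper names `locked_version`, `affected?` and `lockfile_affected?` are constructed for illustration.

```ruby
require "rubygems" # Gem::Version

# Constructed sample Gemfile.lock excerpt (not taken from any real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (4.2.1)
        activesupport (= 4.2.1)
      activesupport (4.2.1)
        json (~> 1.7, >= 1.7.7)
      json (1.8.2)

  DEPENDENCIES
    activesupport (= 4.2.1)
LOCK

# Resolved version of a gem from the "specs:" section, or nil if absent.
# Resolved entries are indented exactly four spaces; dependency
# constraints are indented deeper and are skipped.
def locked_version(lock_text, gem_name = "activesupport")
  lock_text.each_line do |line|
    m = line.match(/\A {4}#{Regexp.escape(gem_name)} \(([^)\s]+)\)\s*\z/)
    return m[1] if m
  end
  nil
end

# True when the version falls in a range the advisory text lists:
# 3.x, 4.1.x before 4.1.11, 4.2.x before 4.2.2.
# Versions outside those ranges (for example 4.0.x) are not listed there.
def affected?(version_string)
  v = Gem::Version.new(version_string)
  major = v.segments[0]
  minor = v.segments[1] || 0
  return true if major == 3
  return v < Gem::Version.new("4.1.11") if major == 4 && minor == 1
  return v < Gem::Version.new("4.2.2") if major == 4 && minor == 2
  false
end

# nil when activesupport is not locked at all, otherwise true/false.
def lockfile_affected?(lock_text)
  version = locked_version(lock_text)
  version.nil? ? nil : affected?(version)
end

if __FILE__ == $PROGRAM_NAME
  puts "activesupport #{locked_version(SAMPLE_LOCK)} affected: #{lockfile_affected?(SAMPLE_LOCK)}"
end
```

Pre-release builds such as 4.2.2.rc1 sort before 4.2.2 under `Gem::Version`, so they are reported as affected.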
Patch:
Following are links for downloading patches to fix the vulnerabilities: