FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

rubygem-rails -- JSON XSS vulnerability

Affected packages
rubygem-rails < 1.2.5
rubygem-activesupport < 1.4.4


VuXML ID 44fb0302-9d38-11dc-9114-001c2514716c
Discovery 2007-10-12
Entry 2007-11-28
Modified 2007-12-01

Rails core team reports:

All users of Rails 1.2.4 or earlier are advised to upgrade to 1.2.5, though it isn't strictly necessary if you aren't working with JSON. For more information on the JSON vulnerability, see CVE-2007-3227.


CVE Name CVE-2007-3227