FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Rails 4 -- Possible XSS Vulnerability in Action View

Affected packages
3.0.0 < rubygem-actionview <


VuXML ID 43f1c867-654a-11e6-8286-00248c0c745d
Discovery 2016-08-11
Entry 2016-08-18

Ruby Security team reports:

There is a possible XSS vulnerability in Action View. Text declared as "HTML safe" will not have quotes escaped when used as attribute values in tag helpers. This vulnerability has been assigned the CVE identifier CVE-2016-6316.


CVE Name CVE-2016-6316