Oval Definition:	oval:com.ubuntu.precise:def:20121098000
Revision Date: 2012-03-13 Version: 1 Title: CVE-2012-1098 on Ubuntu 12.04 LTS (precise) - medium. Description: Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods. Family: unix Class: vulnerability Status: Reference(s): CVE-2012-1098 Platform(s): Ubuntu 12.04 LTS Product(s): Definition Synopsis Ubuntu 12.04 LTS (precise) is installed. AND Package Information NOT While related to the CVE in some way, the 'rails' package in precise is not affected (note: 'contains no code'). OR The vulnerability of the 'ruby-rails-2.3' package in precise is not known (status: 'needs-triage'). It is pending evaluation.
BACK