sdkp3-rubygem-actionpack-2_0Security update for rubygem-actionpack-2_0Security update for rubygem-actionpack-2_0
This update of rubygems fixes two vulnerabilities:
CVE-2008-7248: CVSS v2 Base Score: 4.3
Rails CSRF protection can be bypassed by using special content-types
for a HTTP request.
CVE-2009-4214: CVSS v2 Base Score: 4.3
The method strip_tags does not completely protect agains XSS attacks.
This update of rubygems fixes two vulnerabilities:
- CVE-2008-7248: CVSS v2 Base Score: 4.3 Rails CSRF
protection can be bypassed by using special content-types
for a HTTP request.
- CVE-2009-4214: CVSS v2 Base Score: 4.3 The method
strip_tags does not completely protect agains XSS attacks.
securityrubygem-actionpack-2_0x86_642e21b68e75bac2a550fd58e1ace903f1ffa3f7e7