Red Hat Security Advisory 2016-1858-01

Red Hat Security Advisory 2016-1858-01 – Ruby on Rails is a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Security Fix: It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting attack.

Leave a Reply