actionpack

• Author: kikadf
• Vulnerable: 3.2.6-1
• Unaffected: 3.2.6-2arcturus1

Toby Hsieh, Peter McLarnan, Ankit Gupta, Sudhir Rao and Kevin Reintjes discovered multiple cross-site scripting and denial of service vulnerabilities in Ruby Actionpack.

CVEs:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3424
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3463
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3465
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0155
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1855
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1857
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4389
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4491
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6414
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6415
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6417