Rails 5.0 Vulnerabilities
In order to calculate Rails 5.0 vulnerabilities we created an application using
the latest patch version of Rails 5.0 and we ran bundler-audit
to find all known vulnerabilities.
In order to calculate Rails 5.0 vulnerabilities we created an application using
the latest patch version of Rails 5.0 and we ran bundler-audit
to find all known vulnerabilities.
Here we list the security risks related to a sample Rails 5.0 application.
There is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the j
or escape_javascript
methods may be susceptible to XSS attacks.
Versions Affected: All. Not affected: None. Fixed Versions: 6.0.2.2, 5.2.4.2
There is a possible XSS vulnerability in the j
and escape_javascript
methods in ActionView. These methods are used for escaping JavaScript string literals. Impacted code will look something like this:
<script>let a = `<%= j unknown_input %>`</script>
or
<script>let a = `<%= escape_javascript unknown_input %>`</script>
The 6.0.2.2 and 5.2.4.2 releases are available at the normal locations.
For those that can't upgrade, the following monkey patch may be used:
ActionView::Helpers::JavaScriptHelper::JS_ESCAPE_MAP.merge!(
{
"`" => "\\`",
"$" => "\\$"
}
)
module ActionView::Helpers::JavaScriptHelper
alias :old_ej :escape_javascript
alias :old_j :j
def escape_javascript(javascript)
javascript = javascript.to_s
if javascript.empty?
result = ""
else
result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|\342\200\251|[\n\r"']|[`]|[$])/u, JS_ESCAPE_MAP)
end
javascript.html_safe? ? result.html_safe : result
end
alias :j :escape_javascript
end