cve-2012-1098
Vulnerability from cvelistv5
Published
2012-03-13 10:00
Modified
2024-08-06 18:45
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:27.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2012-3321",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html"
},
{
"name": "[oss-security] 20120302 Re: CVE Request -- Ruby on Rails (v3.0.12) / rubygem-actionpack: Two XSS flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/03/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=799275"
},
{
"name": "[oss-security] 20120302 CVE Request -- Ruby on Rails (v3.0.12) / rubygem-actionpack: Two XSS flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/02/6"
},
{
"name": "[rubyonrails-security] 20120301 Possible XSS Security Vulnerability in SafeBuffer#[]",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://groups.google.com/group/rubyonrails-security/msg/1c2e01a5e42722c9?dmode=source\u0026output=gplain"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-09T17:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2012-3321",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html"
},
{
"name": "[oss-security] 20120302 Re: CVE Request -- Ruby on Rails (v3.0.12) / rubygem-actionpack: Two XSS flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/03/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=799275"
},
{
"name": "[oss-security] 20120302 CVE Request -- Ruby on Rails (v3.0.12) / rubygem-actionpack: Two XSS flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/03/02/6"
},
{
"name": "[rubyonrails-security] 20120301 Possible XSS Security Vulnerability in SafeBuffer#[]",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://groups.google.com/group/rubyonrails-security/msg/1c2e01a5e42722c9?dmode=source\u0026output=gplain"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2012-3321",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html"
},
{
"name": "[oss-security] 20120302 Re: CVE Request -- Ruby on Rails (v3.0.12) / rubygem-actionpack: Two XSS flaws",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/03/1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=799275",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=799275"
},
{
"name": "[oss-security] 20120302 CVE Request -- Ruby on Rails (v3.0.12) / rubygem-actionpack: Two XSS flaws",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/02/6"
},
{
"name": "[rubyonrails-security] 20120301 Possible XSS Security Vulnerability in SafeBuffer#[]",
"refsource": "MLIST",
"url": "http://groups.google.com/group/rubyonrails-security/msg/1c2e01a5e42722c9?dmode=source\u0026output=gplain"
},
{
"name": "http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released",
"refsource": "CONFIRM",
"url": "http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1098",
"datePublished": "2012-03-13T10:00:00",
"dateReserved": "2012-02-14T00:00:00",
"dateUpdated": "2024-08-06T18:45:27.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3BE7DFE-BA20-434B-A1DE-AD038B255C60\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"DCEE5B21-C990-4705-8239-0D7B29DAEDA1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*\", \"matchCriteriaId\": \"65EE33B1-B079-4CDE-B9C2-F1613A4610DC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*\", \"matchCriteriaId\": \"5CAAA20B-824F-4448-99DC-9712FE628073\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*\", \"matchCriteriaId\": \"D2BEBDFB-0F30-454A-B74C-F820C9D2708B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D7CD8C1-95D1-477E-AD96-6582EC33BA01\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"B6F00D98-3D0F-40AF-AE4F-090B1E6B660C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9476CE55-69C0-45D3-B723-6F459C90BF05\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*\", \"matchCriteriaId\": \"486F5BA6-BCF7-4691-9754-19D364B4438D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"112FC73B-A8BC-4EEA-9F4B-CCE685EF2838\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4498383-6FCA-4E17-A1FD-B0CE7EE50F85\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D26565B1-2BA6-4A3C-9264-7FC9A1820B59\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"644EF85E-6D3E-4F5C-96B0-49AD2A2D90CE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"392E2D58-CB39-4832-B4D9-9C2E23B8E14C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F2466EA-7039-46A1-B4A3-8DACD1953A59\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0CAB4E72-0A15-4B26-9B69-074C278568D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"A085E105-9375-440A-80CB-9B23E6D7EB4A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"25911E48-C5D7-4ED8-B4DB-7523A74CCF49\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE6EC1E5-3A4A-4751-9F77-28EF5AF681E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"B29674E3-CC80-446B-9A43-82594AE7A058\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF34D8CB-2B6D-4CB8-A206-108293BCFFE7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8E5187F6-E3AC-4E0D-B1D0-83DE76C20A4B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"272268EE-E3E8-4683-B679-55D748877A7E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B69FD33-61FE-4F10-BBE1-215F59035D30\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"08D7CB5D-82EF-4A24-A792-938FAB40863D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A044B21-47D5-468D-AF4A-06B3B5CC0824\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2196F3D0-532A-40F9-843A-1DFBC8B63FDC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"CBEDA932-6CB5-438C-94E4-824732A91BE0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"903E5524-5E45-48CE-A804-EDAEBE3A79AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"08534AF2-F94E-4FB6-A572-4FB9827276D4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"29E3B4A6-1346-4358-B7BC-84D00ED3ABBE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*\", \"matchCriteriaId\": \"B52D7A6B-DD93-45F0-9186-18ABEFF28DF4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F07C641-48DF-43BE-9EB5-72B337C54846\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"A1CB1B12-99F5-430F-AE19-9A95C17FA123\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D1A7C449-8F9A-4CE5-9C3D-375996BFAEE3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE331D6D-99BA-4369-AD8B-B556DEE4955F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"224BD488-0D7E-4F8B-9012-DE872DEB544C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB51F3E9-4899-49A9-9E7B-0DCA92A91DD8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*\", \"matchCriteriaId\": \"F884F2F4-94F3-46CB-860B-1BCC0EEF408A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"88DFBB48-1C29-4639-9369-F5B413CA2337\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"D37696D7-BEE6-4587-9E33-A7FE24780409\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"E95B5D44-0C8D-47BC-A89D-48A5BDEB84F4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"1DFDAF6A-76AA-436F-A4F3-DA69892DE2B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*\", \"matchCriteriaId\": \"D3172982-3FA4-427F-BE3E-2321D804E49D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*\", \"matchCriteriaId\": \"FD6EC85B-F092-48FF-966A-96B9227C8656\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*\", \"matchCriteriaId\": \"9000F3C1-57A0-474C-9C82-E58688F29838\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E55E42E-AB6A-4E47-AC69-DFDAEB0A8735\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A42F4E7A-6F6A-485C-8D30-95F3B0285922\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"30B9C0CB-F6E6-4233-84E4-D6E69104DD73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"84309CC7-A8B7-4ADB-AEA1-964DA5F7B0E0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"5343241F-274D-45FF-97C7-2BC2E920BAF0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FED122B8-AF4C-4C48-B1E5-54F4A7A31A53\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"157ACCAD-0FB8-4CC9-9DFB-70835DE6506C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"3E50ACF6-7277-4C9A-B42A-E7EFDC317691\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C191DC2B-1EC3-48E0-A586-867E6EE4431C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"B4BC41E8-FEDA-4C31-B479-D49A59FC4D63\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2816C02C-E13E-4367-91F3-14756A90EC9E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"E82AF7C7-B725-40EF-8EE3-18F8E7FAEB29\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"1AE674DE-65DB-437E-A034-A2EE5C584B33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0524F3E3-BAD7-4CD3-A6E7-74CFBE4B46E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB32713D-FE64-445E-872E-B4678C243AB1\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Ruby on Rails 3.0.x anteriores a 3.0.12, 3.1.x anteriores a 3.1.4, y 3.2.x anterioes a 3.2.2 permite a atacantes remotos inyectar codigo de script web o c\\u00f3digo HTML de su elecci\\u00f3n a trav\\u00e9s de vectores que involucran un objeto SafeBuffer que es manipulado a trav\\u00e9s de determinados m\\u00e9todos.\"}]",
"id": "CVE-2012-1098",
"lastModified": "2024-11-21T01:36:24.913",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2012-03-13T10:55:01.213",
"references": "[{\"url\": \"http://groups.google.com/group/rubyonrails-security/msg/1c2e01a5e42722c9?dmode=source\u0026output=gplain\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2012/03/02/6\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2012/03/03/1\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=799275\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://groups.google.com/group/rubyonrails-security/msg/1c2e01a5e42722c9?dmode=source\u0026output=gplain\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2012/03/02/6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2012/03/03/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=799275\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2012-1098\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2012-03-13T10:55:01.213\",\"lastModified\":\"2024-11-21T01:36:24.913\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Ruby on Rails 3.0.x anteriores a 3.0.12, 3.1.x anteriores a 3.1.4, y 3.2.x anterioes a 3.2.2 permite a atacantes remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s de vectores que involucran un objeto SafeBuffer que es manipulado a trav\u00e9s de determinados m\u00e9todos.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3BE7DFE-BA20-434B-A1DE-AD038B255C60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCEE5B21-C990-4705-8239-0D7B29DAEDA1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"65EE33B1-B079-4CDE-B9C2-F1613A4610DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CAAA20B-824F-4448-99DC-9712FE628073\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.0:beta4:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2BEBDFB-0F30-454A-B74C-F820C9D2708B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.0:rc:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D7CD8C1-95D1-477E-AD96-6582EC33BA01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6F00D98-3D0F-40AF-AE4F-090B1E6B660C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9476CE55-69C0-45D3-B723-6F459C90BF05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.1:pre:*:*:*:*:*:*\",\"matchCriteriaId\":\"486F5BA6-BCF7-4691-9754-19D364B4438D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"112FC73B-A8BC-4EEA-9F4B-CCE685EF2838\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.2:pre:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4498383-6FCA-4E17-A1FD-B0CE7EE50F85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D26565B1-2BA6-4A3C-9264-7FC9A1820B59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.4:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"644EF85E-6D3E-4F5C-96B0-49AD2A2D90CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"392E2D58-CB39-4832-B4D9-9C2E23B8E14C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.5:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F2466EA-7039-46A1-B4A3-8DACD1953A59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CAB4E72-0A15-4B26-9B69-074C278568D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.6:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A085E105-9375-440A-80CB-9B23E6D7EB4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.6:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"25911E48-C5D7-4ED8-B4DB-7523A74CCF49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE6EC1E5-3A4A-4751-9F77-28EF5AF681E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.7:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B29674E3-CC80-446B-9A43-82594AE7A058\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.7:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF34D8CB-2B6D-4CB8-A206-108293BCFFE7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E5187F6-E3AC-4E0D-B1D0-83DE76C20A4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.8:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"272268EE-E3E8-4683-B679-55D748877A7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.8:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B69FD33-61FE-4F10-BBE1-215F59035D30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.8:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"08D7CB5D-82EF-4A24-A792-938FAB40863D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.8:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A044B21-47D5-468D-AF4A-06B3B5CC0824\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2196F3D0-532A-40F9-843A-1DFBC8B63FDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.9:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBEDA932-6CB5-438C-94E4-824732A91BE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.9:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"903E5524-5E45-48CE-A804-EDAEBE3A79AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.9:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"08534AF2-F94E-4FB6-A572-4FB9827276D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.9:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"29E3B4A6-1346-4358-B7BC-84D00ED3ABBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.9:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"B52D7A6B-DD93-45F0-9186-18ABEFF28DF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F07C641-48DF-43BE-9EB5-72B337C54846\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.10:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1CB1B12-99F5-430F-AE19-9A95C17FA123\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1A7C449-8F9A-4CE5-9C3D-375996BFAEE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.0.12:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE331D6D-99BA-4369-AD8B-B556DEE4955F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:ruby_on_rails:3.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"224BD488-0D7E-4F8B-9012-DE872DEB544C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB51F3E9-4899-49A9-9E7B-0DCA92A91DD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F884F2F4-94F3-46CB-860B-1BCC0EEF408A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"88DFBB48-1C29-4639-9369-F5B413CA2337\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D37696D7-BEE6-4587-9E33-A7FE24780409\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"E95B5D44-0C8D-47BC-A89D-48A5BDEB84F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.0:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DFDAF6A-76AA-436F-A4F3-DA69892DE2B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.0:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3172982-3FA4-427F-BE3E-2321D804E49D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.0:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD6EC85B-F092-48FF-966A-96B9227C8656\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.0:rc7:*:*:*:*:*:*\",\"matchCriteriaId\":\"9000F3C1-57A0-474C-9C82-E58688F29838\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.0:rc8:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E55E42E-AB6A-4E47-AC69-DFDAEB0A8735\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A42F4E7A-6F6A-485C-8D30-95F3B0285922\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"30B9C0CB-F6E6-4233-84E4-D6E69104DD73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.1:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"84309CC7-A8B7-4ADB-AEA1-964DA5F7B0E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.1:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"5343241F-274D-45FF-97C7-2BC2E920BAF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FED122B8-AF4C-4C48-B1E5-54F4A7A31A53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.2:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"157ACCAD-0FB8-4CC9-9DFB-70835DE6506C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.2:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E50ACF6-7277-4C9A-B42A-E7EFDC317691\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C191DC2B-1EC3-48E0-A586-867E6EE4431C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.1.4:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4BC41E8-FEDA-4C31-B479-D49A59FC4D63\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2816C02C-E13E-4367-91F3-14756A90EC9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.2.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E82AF7C7-B725-40EF-8EE3-18F8E7FAEB29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.2.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AE674DE-65DB-437E-A034-A2EE5C584B33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0524F3E3-BAD7-4CD3-A6E7-74CFBE4B46E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rubyonrails:rails:3.2.2:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB32713D-FE64-445E-872E-B4678C243AB1\"}]}]}],\"references\":[{\"url\":\"http://groups.google.com/group/rubyonrails-security/msg/1c2e01a5e42722c9?dmode=source\u0026output=gplain\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/03/02/6\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/03/03/1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=799275\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://groups.google.com/group/rubyonrails-security/msg/1c2e01a5e42722c9?dmode=source\u0026output=gplain\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075675.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://weblog.rubyonrails.org/2012/3/1/ann-rails-3-0-12-has-been-released\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/03/02/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/03/03/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=799275\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.