CVE-2011-1497

Published: 19 October 2021

A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6.

Notes

Author	Note
mdeslaur	in Oneiric+, rails package is just for transition
jdstrand	fixed in 3.0.6

6.1

Package	Release	Status
rails Launchpad, Ubuntu, Debian	hardy	Ignored (reached end-of-life)
	lucid	Ignored (reached end-of-life)
	maverick	Ignored (reached end-of-life)
	natty	Ignored (reached end-of-life)
	oneiric	Not vulnerable (contains no code)
	precise	Does not exist (precise was not-affected [contains no code])
	quantal	Not vulnerable (contains no code)
	raring	Not vulnerable (contains no code)
	saucy	Not vulnerable (contains no code)
	trusty	Does not exist (trusty was not-affected [contains no code])
	upstream	Needs triage
	utopic	Not vulnerable (contains no code)
	vivid	Not vulnerable (contains no code)
	wily	Not vulnerable (contains no code)
	xenial	Not vulnerable (contains no code)
	yakkety	Not vulnerable (contains no code)
	zesty	Not vulnerable (contains no code)
ruby-rails-2.3 Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Does not exist
	maverick	Does not exist
	natty	Does not exist
	oneiric	Ignored (reached end-of-life)
	precise	Does not exist (precise was needs-triage)
	quantal	Ignored (reached end-of-life)
	raring	Ignored (reached end-of-life)
	saucy	Ignored (reached end-of-life)
	trusty	Does not exist
	upstream	Needs triage
	utopic	Does not exist
	vivid	Does not exist
	wily	Does not exist
	xenial	Does not exist
	yakkety	Does not exist
	zesty	Does not exist

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.