This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
Ruby on Rails team reports :
Rails versions 3.2.13 has been released. This release contains
important security fixes. It is recommended users upgrade as soon as
Four vulnerabilities have been discovered and fixed :
- (CVE-2013-1854) Symbol DoS vulnerability in Active Record
- (CVE-2013-1855) XSS vulnerability in sanitize_css in Action Pack
- (CVE-2013-1856) XML Parsing Vulnerability affecting JRuby users
- (CVE-2013-1857) XSS Vulnerability in the `sanitize` helper of Ruby
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.8