CVE-2016-6316 - Rails (Action View) XSS Vulnerability
Posted November 2, 2016
Assessed Risk Level: Medium
On August 8, 2016, Ruby on Rails announced a cross-site scripting (XSS) vulnerability in Action View.
Previous versions of Puppet Enterprise shipped with a vulnerable version of Rails. Puppet Enterprise 3.8.7 contains an updated version of Rails that patches the vulnerability.
For more information about these vulnerabilities, refer to the [Ruby on Rails security announcement](http://weblog.rubyonrails.org/2016/8/11/Rails-5-0-0-1-4-2-7-2-and-3-2-22-3-have-been-released/).
Affected Software Versions:
- Puppet Enterprise versions prior to 3.8.7
Resolved in:
- Puppet Enterprise 3.8.7