CNNVD-202508-1471 Information
CNNVD ID
CNNVD-202508-1471
Related CVE
- CNNVD Published: 2025-08-13
Description (Chinese)
Rails是美国Rails团队的一套基于Ruby语言的开源Web应用框架。 Rails 7.1.5.2、7.2.2.2和8.0.2.1之前版本存在安全漏洞,该漏洞源于未转义的ID可能包含ANSI序列,可能导致终端显示问题。
Description (English)
Rails is an open-source Web application framework based on Ruby language for the Rains team in the United States. There was a security loophole in prior editions of Rails 7.1.5.2, 7.2.2.2 and 8.2.1, which stemmed from the fact that unconverted IDs might contain ANSI sequences and could lead to terminal display problems.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Rails
Published
2025-08-13
Last Modified
2026-02-24
References
https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290 https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202 https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776 https://vigilance.fr/vulnerability/Rails-Active-Record-information-disclosure-via-ID-Unescaped-ANSI-Sequences-49184
Patch
https://github.com/rails/rails/releases
Share on: