SUSE-SU-2016:0082-1

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2015-3226 CVE-2015-3227

Published: 12 Jan 2016, 10:24

Last modified:04 Feb 2026, 02:56

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

12 Jan 2016, 10:24

Published

Vulnerability first disclosed

04 Feb 2026, 02:56

Last Modified

Vulnerability information updated

Description

Security update for rubygem-activesupport-4_1 This update fixes the following security issues: - CVE-2015-3227: Possible Denial of Service attack in Active Support (bnc#934800) - CVE-2015-3226: XSS Vulnerability in ActiveSupport::JSON (bnc#934799)

Affected Systems

suse•rubygem-activesupport-4_1&distro=SUSE OpenStack Cloud 5
< 4.1.9-9.2

References (5)

https://www.suse.com/support/update/announcement/2016/suse-su-20160082-1/
https://bugzilla.suse.com/934799
https://bugzilla.suse.com/934800
https://www.suse.com/security/cve/CVE-2015-3226
https://www.suse.com/security/cve/CVE-2015-3227