Cross-site scripting (XSS) vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters such as JRuby-Rack.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:06
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.opensuse.org/opensuse-updates/2014-04/msg00032.html - | |
References | () http://secunia.com/advisories/57466 - Vendor Advisory | |
References | () http://www.openwall.com/lists/oss-security/2014/03/19/20 - | |
References | () http://www.securityfocus.com/bid/66314 - | |
References | () https://github.com/josh/rack-ssl/commit/9d7d7300b907e496db68d89d07fbc2e0df0b487b - Patch |
Information
Published : 2014-03-25 18:21
Updated : 2025-04-12 10:46
NVD link : CVE-2014-2538
Mitre link : CVE-2014-2538
CVE.ORG link : CVE-2014-2538
JSON object : View
Products Affected
joshua_peek
- rack-ssl
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')