Sha256: 2575a5376fab769f0604cb251c81c4e71a2cdff0b2f37fa622ff62eb923cc39c

Contents?: true

Size: 547 Bytes

Versions: 6

Compression:

Stored size: 547 Bytes

Contents

---
engine: jruby
cve: 2010-1330
osvdb: 77297
url: http://jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability
title: |
  JRuby XSS in the regular expression engine when processing invalid UTF-8 byte
  sequences
date: 2010-04-26
description: |
  The regular expression engine in JRuby before 1.4.1, when $KCODE is set to
  'u', does not properly handle characters immediately after a UTF-8
  character, which allows remote attackers to conduct cross-site scripting
  (XSS) attacks via a crafted string.
cvss_v2: 4.3
patched_versions:
  - ">= 1.4.1"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/rubies/jruby/CVE-2010-1330.yml
bundler-budit-0.6.2 data/ruby-advisory-db/rubies/jruby/CVE-2010-1330.yml
bundler-budit-0.6.1 data/ruby-advisory-db/rubies/jruby/CVE-2010-1330.yml
bundler-audit-0.6.1 data/ruby-advisory-db/rubies/jruby/CVE-2010-1330.yml
bundler-audit-0.6.0 data/ruby-advisory-db/rubies/jruby/CVE-2010-1330.yml
bundler-audit-0.5.0 data/ruby-advisory-db/rubies/jruby/CVE-2010-1330.yml