---
engine: jruby
cve: 2010-1330
osvdb: 77297
url: http://jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability
title: |
  JRuby XSS in the regular expression engine when processing invalid UTF-8 byte
  sequences
date: 2010-04-26
description: |
  The regular expression engine in JRuby before 1.4.1, when $KCODE is set to
  'u', does not properly handle characters immediately after a UTF-8
  character, which allows remote attackers to conduct cross-site scripting
  (XSS) attacks via a crafted string.
cvss_v2: 4.3
patched_versions:
  - ">= 1.4.1"