RubygemsResearch

Sha256: d6f52d9942aa499ac9049f1b7593ec22cc09ac18370944a27fc96ef661fda012

Contents?: true

Size: 654 Bytes

Versions: 5

Compression:

Stored size: 654 Bytes

---
gem: rack-ssl
cve: 2014-2538
osvdb: 104734
url: http://osvdb.org/show/osvdb/104734
title: rack-ssl Gem for Ruby Error Message Reflected XSS 
date: 2013-07-09
description: rack-ssl Gem for Ruby contains a flaw that allows a reflected cross-site scripting (XSS) attack. This flaw exists because the program does not validate input passed via error messages before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
cvss_v2: 4.3
patched_versions:
  - ">= 1.3.4"

Version data entries

5 entries across 5 versions & 2 rubygems

Version	Path
bundler-budit-0.6.2	data/ruby-advisory-db/gems/rack-ssl/OSVDB-104734.yml
bundler-budit-0.6.1	data/ruby-advisory-db/gems/rack-ssl/OSVDB-104734.yml
bundler-audit-0.6.1	data/ruby-advisory-db/gems/rack-ssl/OSVDB-104734.yml
bundler-audit-0.6.0	data/ruby-advisory-db/gems/rack-ssl/OSVDB-104734.yml
bundler-audit-0.5.0	data/ruby-advisory-db/gems/rack-ssl/OSVDB-104734.yml