Sha256: da07a18adc449138ff9401c399c40e01ebfee2badb599fad53659aed8f8741c4
Contents?: true
Size: 666 Bytes
Versions: 1
Compression:
Stored size: 666 Bytes
Contents
--- gem: rack-ssl cve: 2014-2538 osvdb: 104734 url: https://nvd.nist.gov/vuln/detail/CVE-2014-2538 title: rack-ssl Gem for Ruby Error Message Reflected XSS date: 2013-07-09 description: rack-ssl Gem for Ruby contains a flaw that allows a reflected cross-site scripting (XSS) attack. This flaw exists because the program does not validate input passed via error messages before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. cvss_v2: 4.3 patched_versions: - ">= 1.3.4"
Version data entries
1 entries across 1 versions & 1 rubygems
| Version | Path |
|---|---|
| bundler-audit-0.7.0.1 | data/ruby-advisory-db/gems/rack-ssl/CVE-2014-2538.yml |