Lucene search
HistoryNov 23, 2012 - 7:55 p.m.
CVE-2010-1330
cve-2010-1330
jruby
regex engine
utf-8
xss
nvd
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.7 Medium
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
75.8%
The regular expression engine in JRuby before 1.4.1, when $KCODE is set to ‘u’, does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.
Affected configurations
Node
jrubyjrubyRange≤1.4.0
ORjrubyjrubyMatch0.9.0
ORjrubyjrubyMatch0.9.1
ORjrubyjrubyMatch0.9.2
ORjrubyjrubyMatch0.9.8
ORjrubyjrubyMatch0.9.9
ORjrubyjrubyMatch1.0.0
ORjrubyjrubyMatch1.0.0rc1
ORjrubyjrubyMatch1.0.0rc2
ORjrubyjrubyMatch1.0.0rc3
ORjrubyjrubyMatch1.0.1
ORjrubyjrubyMatch1.0.2
ORjrubyjrubyMatch1.0.3
ORjrubyjrubyMatch1.1
ORjrubyjrubyMatch1.1beta1
ORjrubyjrubyMatch1.1rc1
ORjrubyjrubyMatch1.1rc2
ORjrubyjrubyMatch1.1rc3
ORjrubyjrubyMatch1.1.1
ORjrubyjrubyMatch1.1.2
ORjrubyjrubyMatch1.1.3
ORjrubyjrubyMatch1.1.4
ORjrubyjrubyMatch1.1.5
ORjrubyjrubyMatch1.1.6
ORjrubyjrubyMatch1.1.6rc1
ORjrubyjrubyMatch1.2.0
ORjrubyjrubyMatch1.2.0rc1
ORjrubyjrubyMatch1.2.0rc2
ORjrubyjrubyMatch1.3.0
ORjrubyjrubyMatch1.3.0rc1
ORjrubyjrubyMatch1.3.0rc2
ORjrubyjrubyMatch1.3.1
ORjrubyjrubyMatch1.4.0rc1
ORjrubyjrubyMatch1.4.0rc2
ORjrubyjrubyMatch1.4.0rc3
References
Social References
More
Related
osv
osv
Cross-site Scripting in in JRuby
2022-05-02 06:21:36
cvelist
cvelist
CVE-2010-1330
2012-11-23 19:00:00
nvd
nvd
CVE-2010-1330
2012-11-23 19:55:01
github
github
Cross-site Scripting in in JRuby
2022-05-02 06:21:36
debiancve
debiancve
CVE-2010-1330
2012-11-23 19:55:01
prion
prion
Cross site scripting
2012-11-23 19:55:00
rubygems
rubygems
redhat
redhat
(RHSA-2011:1456) Moderate: JBoss Enterprise SOA Platform 5.2.0 update
2011-11-16 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.7 Medium
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
75.8%
Related for CVE-2010-1330