CVE-2014-2538

🗓️ 25 Mar 2014 14:00:00Reported by mitreType

Cross-site scripting (XSS) vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters such as JRuby-Rack

Reporter	Title	Published	Views	Family All 20
Cvelist	CVE-2014-2538	25 Mar 201414:00	–	cvelist
Debian CVE	CVE-2014-2538	25 Mar 201414:00	–	debiancve
EUVD	EUVD-2017-0309	7 Oct 202500:30	–	euvd
Fedora	[SECURITY] Fedora 20 Update: rubygem-rack-ssl-1.3.2-9.fc20	2 Apr 201409:19	–	fedora
Tenable Nessus	Fedora 20 : rubygem-rack-ssl-1.3.2-9.fc20 (2014-4118)	3 Apr 201400:00	–	nessus
Tenable Nessus	openSUSE Security Update : rubygem-rack-ssl (openSUSE-SU-2014:0515-1)	13 Jun 201400:00	–	nessus
Github Security Blog	rack-ssl Cross-site Scripting vulnerability	24 Oct 201718:33	–	github
Mageia	Updated ruby-rack-ssl packages fix CVE-2014-2538	3 Apr 201413:23	–	mageia
NVD	CVE-2014-2538	25 Mar 201418:21	–	nvd
OpenVAS	Fedora Update for rubygem-rack-ssl FEDORA-2014-4118	3 Apr 201400:00	–	openvas

NVD

Node

joshua_peek rack-sslRange≤1.3.4ruby

joshua_peek rack-sslMatch1.0.0ruby

joshua_peek rack-sslMatch1.1.0ruby

joshua_peek rack-sslMatch1.2.0ruby

joshua_peek rack-sslMatch1.3.0ruby

joshua_peek rack-sslMatch1.3.1ruby

joshua_peek rack-sslMatch1.3.2ruby

joshua_peek rack-sslMatch1.3.3ruby

Source	Link
lists	www.lists.opensuse.org/opensuse-updates/2014-04/msg00032.html
openwall	www.openwall.com/lists/oss-security/2014/03/19/20
securityfocus	www.securityfocus.com/bid/66314
github	www.github.com/josh/rack-ssl/commit/9d7d7300b907e496db68d89d07fbc2e0df0b487b
secunia	www.secunia.com/advisories/57466

06 May 2026 22:30Current

5.5Medium risk

Vulners AI Score5.5

CVSS 24.3

EPSS0.00273

CWE-79