CVE-2014-2538

2014-03-2518:21:48

Debian Security Bug Tracker

security-tracker.debian.org

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

65.6%

JSON

Cross-site scripting (XSS) vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters such as JRuby-Rack.

OSVersionArchitecturePackageVersionFilename
Debian12allruby-rack-ssl< 1.3.2-4ruby-rack-ssl_1.3.2-4_all.deb
Debian11allruby-rack-ssl< 1.3.2-4ruby-rack-ssl_1.3.2-4_all.deb
Debian999allruby-rack-ssl< 1.3.2-4ruby-rack-ssl_1.3.2-4_all.deb
Debian13allruby-rack-ssl< 1.3.2-4ruby-rack-ssl_1.3.2-4_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	ruby-rack-ssl	< 1.3.2-4	ruby-rack-ssl_1.3.2-4_all.deb
Debian	11	all	ruby-rack-ssl	< 1.3.2-4	ruby-rack-ssl_1.3.2-4_all.deb
Debian	999	all	ruby-rack-ssl	< 1.3.2-4	ruby-rack-ssl_1.3.2-4_all.deb
Debian	13	all	ruby-rack-ssl	< 1.3.2-4	ruby-rack-ssl_1.3.2-4_all.deb