Moderate severity vulnerability that affects haml

2019-10-21T21:59:13
ID GHSA-R53W-G4XM-3GC6
Type github
Reporter GitHub Advisory Database
Modified 2019-11-11T22:12:13

Description

In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code.
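
The effect of the missing `'` can be reproduced with a small Ruby sketch. This is an added example, not haml's source code: the escape tables, helper names and sample value are hypothetical, and it assumes attribute values are written between single quotes. It renders the same input with an escape table that omits `'` and with one that includes it, then checks which attributes a parser would see.

```ruby
# Added illustration; not haml's source. All names here are hypothetical.

# Escape table that covers & < > " but misses the single quote,
# mirroring the omission the advisory describes.
INCOMPLETE_ESCAPES = { '&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;' }.freeze
# Corrected table: the single quote is encoded as well.
COMPLETE_ESCAPES = INCOMPLETE_ESCAPES.merge("'" => '&#39;').freeze

# Replace every character listed in the table, in a single pass.
def escape_with(table, value)
  value.to_s.gsub(Regexp.union(table.keys), table)
end

# Render a tag whose attribute values are delimited by single quotes
# (assumption made for this example).
def render_tag(name, attrs, table)
  rendered = attrs.map { |k, v| " #{k}='#{escape_with(table, v)}'" }.join
  "<#{name}#{rendered}>"
end

# Minimal attribute tokenizer: returns the attribute names a parser would
# see in the rendered tag (handles single- and double-quoted values).
def attribute_names(tag)
  inner = tag[/\A<\w+(.*)>\z/m, 1].to_s
  inner.scan(/([^\s=]+)\s*=\s*(?:'[^']*'|"[^"]*")/).flatten
end

# Defensive check: did rendering produce exactly the attributes requested?
def attributes_intact?(tag, attrs)
  attribute_names(tag) == attrs.keys.map(&:to_s)
end

# Constructed sample input: a value containing single quotes.
SAMPLE = { title: "x' data-injected='1" }.freeze

if __FILE__ == $PROGRAM_NAME
  [INCOMPLETE_ESCAPES, COMPLETE_ESCAPES].each do |table|
    tag = render_tag('a', SAMPLE, table)
    puts "#{tag}  intact=#{attributes_intact?(tag, SAMPLE)}"
  end
end
```

A check like `attributes_intact?` can serve as a regression test for any template helper that builds attributes from user input.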