Lucene search
GoogleOSV:GHSA-V3RR-CPH9-2G2QHistoryOct 24, 2017 - 6:33 p.m.
rack-ssl Cross-site Scripting vulnerability
2017-10-2418:33:36
Google
osv.dev
6
0.003 Low
EPSS
Percentile
65.6%
Cross-site scripting (XSS) vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters such as JRuby-Rack.
References
lists.opensuse.org/opensuse-updates/2014-04/msg00032.html
www.openwall.com/lists/oss-security/2014/03/19/20
github.com/josh/rack-ssl
github.com/josh/rack-ssl/commit/9d7d7300b907e496db68d89d07fbc2e0df0b487b
github.com/rubysec/ruby-advisory-db/blob/master/gems/rack-ssl/CVE-2014-2538.yml
nvd.nist.gov/vuln/detail/CVE-2014-2538
web.archive.org/web/20140524002455/secunia.com/advisories/57466
web.archive.org/web/20200228185649/www.securityfocus.com/bid/66314
Related
nessus
nessus
Fedora 20 : rubygem-rack-ssl-1.3.2-9.fc20 (2014-4118)
2014-04-03 00:00:00
openSUSE Security Update : rubygem-rack-ssl (openSUSE-SU-2014:0515-1)
2014-06-13 00:00:00
openvas
openvas
Fedora Update for rubygem-rack-ssl FEDORA-2014-4118
2014-04-03 00:00:00
Fedora Update for rubygem-rack-ssl FEDORA-2014-4118
2014-04-03 00:00:00
Mageia: Security Advisory (MGASA-2014-0156)
2022-01-28 00:00:00
ubuntucve
ubuntucve
CVE-2014-2538
2014-03-25 00:00:00
prion
prion
Cross site scripting
2014-03-25 18:21:00
cvelist
cvelist
CVE-2014-2538
2014-03-25 14:00:00
nvd
nvd
CVE-2014-2538
2014-03-25 18:21:48
seebug
seebug
Ruby rack-ssl Gem้่ฏฏ้กต้ข่ทจ็ซ่ๆฌๆผๆด
2014-03-21 00:00:00
mageia
mageia
Updated ruby-rack-ssl packages fix CVE-2014-2538
2014-04-03 17:23:20
github
github
rack-ssl Cross-site Scripting vulnerability
2017-10-24 18:33:36
debiancve
debiancve
CVE-2014-2538
2014-03-25 18:21:48
cve
cve
CVE-2014-2538
2014-03-25 18:21:48
fedora
fedora
[SECURITY] Fedora 20 Update: rubygem-rack-ssl-1.3.2-9.fc20
2014-04-02 09:19:53
rubygems
rubygems
CVE-2014-2538 rubygem rack-ssl: URL error display XSS
2013-07-08 20:00:00