5 matches found
CVE-2017-1002201
In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code...
SUSE CVE-2017-1002201
In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code...
Debian DLA-2864-1 : ruby-haml - LTS security update
The remote Debian 9 host has a package installed that is affected by a vulnerability as referenced in the dla-2864 advisory. - In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like ' must be escaped properly. In this case, the '...
GLSA-202007-27 : Haml: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-202007-27 (Haml: Arbitrary code execution). It was discovered that Haml was not correctly filtering out special characters which may be used for attributes. Impact: A remote attacker could possibly execute arbitrary code with the...
CVE-2017-1002201
CVE-2017-1002201 describes a cross-site scripting/code execution risk in Haml prior to 5.0.0.beta.2 when user input is used on the server and the single quote character was not escaped, allowing input manipulation that could introduce attributes and potentially execute code. Public details confir...