Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS13bXEyLWpjOW0teHA0bc3XFg

Cross-site Scripting in JRuby

The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.

Permalink: https://github.com/advisories/GHSA-wmq2-jc9m-xp4m
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13bXEyLWpjOW0teHA0bc3XFg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: over 1 year ago


Identifiers: GHSA-wmq2-jc9m-xp4m, CVE-2010-1330
References:
Blast Radius: 0.0

Affected Packages

maven:org.jruby:jruby-core
Dependent packages: 72
Dependent repositories: 157
Downloads:
Affected Version Ranges: < 1.4.1
Fixed in: 1.4.1
All affected versions:
All unaffected versions: 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6, 1.6.7, 1.6.8, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.7.7, 1.7.8, 1.7.9, 1.7.10, 1.7.11, 1.7.12, 1.7.13, 1.7.14, 1.7.15, 1.7.16, 1.7.17, 1.7.18, 1.7.19, 1.7.20, 1.7.21, 1.7.22, 1.7.23, 1.7.24, 1.7.25, 1.7.26, 1.7.27