CVE-2014-2538
Cross-site scripting (XSS) vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters such as JRuby-Rack.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.0027 (0.3%)
Percentil: 50.6%
EPSS: 2026-05-06
Afecta
joshua_peek:rack-sslDescripción técnica
Cross-site scripting (XSS) vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters such as JRuby-Rack.
Publicada: 25/3/2014, 18:21:48
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://lists.opensuse.org/opensuse-updates/2014-04/msg00032.html
- http://secunia.com/advisories/57466
- http://www.openwall.com/lists/oss-security/2014/03/19/20
- http://www.securityfocus.com/bid/66314
- https://github.com/josh/rack-ssl/commit/9d7d7300b907e496db68d89d07fbc2e0df0b487b
- http://lists.opensuse.org/opensuse-updates/2014-04/msg00032.html
- http://secunia.com/advisories/57466
- http://www.openwall.com/lists/oss-security/2014/03/19/20