oss-sec mailing list archives
CVE Request: rack-ssl rubygem: XSS in error page
From: Marcus Meissner <meissner () suse de>
Date: Wed, 19 Mar 2014 14:05:19 +0100
Hi,

The latest version of rack-ssl rubygem (1.4.0) contains a commit that fixes a XSS vulnerability in the error page.

https://github.com/josh/rack-ssl/commit/9d7d7300b907e496db68d89d07fbc2e0df0b487b

"Some adapters (i.e. jruby-rack) will pass through bad URIs, then display the resulting exception. This creates an attack vector for XSS attacks."

Needs a CVE I think.

Ciao, Marcus
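
The failure mode described in the commit message quoted above, as an added example that is not part of the original post and is not rack-ssl's code or its fix: a hypothetical Rack-style middleware (`RedirectToHttps`, an assumed name) whose error page reflects the URI parse exception, shown with and without HTML escaping on a constructed request.

```ruby
require "uri"
require "erb"

# Hypothetical middleware for illustration; not rack-ssl's implementation.
# It redirects requests to HTTPS and, when the request URI cannot be parsed,
# returns an error page built from the exception message.
class RedirectToHttps
  def initialize(escape_errors:)
    @escape_errors = escape_errors
  end

  # Rack-style entry point: takes the env hash, returns [status, headers, body].
  def call(env)
    target = URI.parse("https://#{env['HTTP_HOST']}#{env['PATH_INFO']}")
    [301, { "Location" => target.to_s, "Content-Type" => "text/html" }, [""]]
  rescue URI::InvalidURIError => e
    # e.message embeds the request-controlled URI text.
    detail = @escape_errors ? ERB::Util.html_escape(e.message) : e.message
    [400, { "Content-Type" => "text/html" }, ["<h1>Bad request</h1><p>#{detail}</p>"]]
  end
end

# Constructed request, as an adapter that passes the raw path through would deliver it.
BAD_ENV = {
  "HTTP_HOST" => "example.com",
  "PATH_INFO" => "/<script>alert(1)</script>"
}.freeze

# Returns the error page body produced for BAD_ENV.
def error_body(escape_errors)
  _status, _headers, body = RedirectToHttps.new(escape_errors: escape_errors).call(BAD_ENV)
  body.join
end

if __FILE__ == $PROGRAM_NAME
  puts "unescaped: #{error_body(false)}"
  puts "escaped:   #{error_body(true)}"
end
```

Returning a fixed error string that contains no request data removes the reflection entirely and is the stricter option.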