Lucene search
DwfCVELIST:CVE-2017-1002201HistoryOct 15, 2019 - 5:35 p.m.
CVE-2017-1002201
2019-10-1517:35:57
dwf
www.cve.org
7
In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ’ must be escaped properly. In this case, the ’ character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code.
CNA Affected
[
{
"product": "haml",
"vendor": "http://haml.info/",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 5.0.0.beta.2"
}
]
}
]Related
gentoo
gentoo
Haml: Arbitrary code execution
2020-07-27 00:00:00
debian
debian
[SECURITY] [DLA 1986-1] ruby-haml security update
2019-11-10 17:24:47
[SECURITY] [DLA 2864-1] ruby-haml security update
2021-12-29 12:59:16
osv
osv
Haml vulnerable to cross-site scripting
2019-10-21 21:59:13
ruby-haml - security update
2021-12-29 00:00:00
CVE-2017-1002201
2019-10-15 18:15:10
nvd
nvd
CVE-2017-1002201
2019-10-15 18:15:10
nessus
nessus
Debian DLA-1986-1 : ruby-haml security update
2019-11-12 00:00:00
Debian DLA-2864-1 : ruby-haml - LTS security update
2021-12-29 00:00:00
GLSA-202007-27 : Haml: Arbitrary code execution
2020-07-27 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-1986-1)
2019-11-11 00:00:00
Debian: Security Advisory (DLA-2864-1)
2021-12-30 00:00:00
github
github
Haml vulnerable to cross-site scripting
2019-10-21 21:59:13
cve
cve
CVE-2017-1002201
2019-10-15 18:15:10
prion
prion
Code injection
2019-10-15 18:15:00
debiancve
debiancve
CVE-2017-1002201
2019-10-15 18:15:10
rubygems
rubygems
haml failure to escape single quotes
2017-05-07 21:00:00
ubuntucve
ubuntucve
CVE-2017-1002201
2019-10-15 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2017-05-09 08:51:31
rosalinux
rosalinux
Advisory ROSA-SA-2021-1966
2021-07-02 18:06:34