4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
70.7%
The official ruby site reports:
WEBrick have had a cross-site scripting vulnerability that allows
an attacker to inject arbitrary script or HTML via a crafted URI.
This does not affect user agents that strictly implement HTTP/1.1,
however, some user agents do not.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | ruby | = 1.8.*,1 | UNKNOWN |
FreeBSD | any | noarch | ruby | < 1.8.7.248_3,1 | UNKNOWN |
FreeBSD | any | noarch | ruby+pthreads | = 1.8.*,1 | UNKNOWN |
FreeBSD | any | noarch | ruby+pthreads | < 1.8.7.248_3,1 | UNKNOWN |
FreeBSD | any | noarch | ruby+pthreads+oniguruma | = 1.8.*,1 | UNKNOWN |
FreeBSD | any | noarch | ruby+pthreads+oniguruma | < 1.8.7.248_3,1 | UNKNOWN |
FreeBSD | any | noarch | ruby+oniguruma | = 1.8.*,1 | UNKNOWN |
FreeBSD | any | noarch | ruby+oniguruma | < 1.8.7.248_3,1 | UNKNOWN |