Lucene search
GoogleOSV:CVE-2017-1002201HistoryOct 15, 2019 - 6:15 p.m.
CVE-2017-1002201
2019-10-1518:15:10
Google
osv.dev
6
0.002 Low
EPSS
Percentile
61.9%
In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ’ must be escaped properly. In this case, the ’ character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code.
Related
gentoo
gentoo
Haml: Arbitrary code execution
2020-07-27 00:00:00
nvd
nvd
CVE-2017-1002201
2019-10-15 18:15:10
debian
debian
[SECURITY] [DLA 1986-1] ruby-haml security update
2019-11-10 17:24:47
[SECURITY] [DLA 2864-1] ruby-haml security update
2021-12-29 12:59:16
osv
osv
Haml vulnerable to cross-site scripting
2019-10-21 21:59:13
ruby-haml - security update
2021-12-29 00:00:00
ruby-haml - security update
2019-11-09 00:00:00
cve
cve
CVE-2017-1002201
2019-10-15 18:15:10
openvas
openvas
Debian: Security Advisory (DLA-1986-1)
2019-11-11 00:00:00
Debian: Security Advisory (DLA-2864-1)
2021-12-30 00:00:00
nessus
nessus
Debian DLA-1986-1 : ruby-haml security update
2019-11-12 00:00:00
GLSA-202007-27 : Haml: Arbitrary code execution
2020-07-27 00:00:00
Debian DLA-2864-1 : ruby-haml - LTS security update
2021-12-29 00:00:00
github
github
Haml vulnerable to cross-site scripting
2019-10-21 21:59:13
ubuntucve
ubuntucve
CVE-2017-1002201
2019-10-15 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2017-05-09 08:51:31
cvelist
cvelist
CVE-2017-1002201
2019-10-15 17:35:57
prion
prion
Code injection
2019-10-15 18:15:00
debiancve
debiancve
CVE-2017-1002201
2019-10-15 18:15:10
rosalinux
rosalinux
Advisory ROSA-SA-2021-1966
2021-07-02 18:06:34