Lucene search

GoogleOSV:GHSA-R5HC-9XX5-97RW

HistoryOct 24, 2017 - 6:33 p.m.

i18n gem Cross-site Scripting vulnerability

2017-10-2418:33:37

Google

osv.dev

0.003 Low

EPSS

Percentile

65.9%

JSON

Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call.

CPENameOperatorVersion
i18neq0.5.3
i18neq0.2.1
i18neq0.6.0beta1
i18neq0.6.4
i18neq0.6.1
i18neq0.6.0
i18neq0.3.7
i18neq0.3.3
i18neq0.3.1
i18neq0.3.4

Name	Operator	Version
i18n	eq	0.5.3
i18n	eq	0.2.1
i18n	eq	0.6.0beta1
i18n	eq	0.6.4
i18n	eq	0.6.1
i18n	eq	0.6.0
i18n	eq	0.3.7
i18n	eq	0.3.3
i18n	eq	0.3.1
i18n	eq	0.3.4

Rows per page:

1-10 of 311

References

lists.opensuse.org/opensuse-updates/2013-12/msg00093.html

weblog.rubyonrails.org/2013/12/3/Rails_3_2_16_and_4_0_2_have_been_released

www.debian.org/security/2013/dsa-2830

access.redhat.com/errata/RHBA-2015:1100

access.redhat.com/errata/RHSA-2017:0320

access.redhat.com/errata/RHSA-2018:0380

access.redhat.com/security/cve/CVE-2013-4492

bugzilla.redhat.com/show_bug.cgi?id=1039435

github.com/advisories/GHSA-r5hc-9xx5-97rw

github.com/ruby-i18n/i18n/commit/92b57b1e4f84adcdcc3a375278f299274be62445

github.com/rubysec/ruby-advisory-db/blob/master/gems/i18n/CVE-2013-4492.yml

github.com/svenfuchs/i18n

github.com/svenfuchs/i18n/commit/92b57b1e4f84adcdcc3a375278f299274be62445

groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998

nvd.nist.gov/vuln/detail/CVE-2013-4492

web.archive.org/web/20201208125214/https://groups.google.com/forum/message/raw?msg=ruby-security-ann/pLrh6DUw998/bLFEyIO4k_EJ

web.archive.org/web/20210731082547/www.securityfocus.com/bid/64076

0.003 Low

EPSS

Percentile

65.9%

JSON

Related for OSV:GHSA-R5HC-9XX5-97RW