Lucene search

Veracode Vulnerability DatabaseVERACODE:4219

HistoryMay 09, 2017 - 8:51 a.m.

Cross-site Scripting (XSS)

2017-05-0908:51:31

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.002 Low

EPSS

Percentile

61.9%

JSON

haml is vulnerable to cross-site scripting (XSS) attacks. The library does not escape characters like \< > \" \' properly, meaning that a malicious user can prepend these characters to inject and execute arbitrary code.

CPENameOperatorVersion
hamlle4.1.0.beta.1
hamlle4.1.0.beta.1

CPE	Name	Operator	Version
	haml	le	4.1.0.beta.1
	haml	le	4.1.0.beta.1

References

github.com/haml/haml/commit/18576ae6e9bdcb4303fdbe6b3199869d289d67c2

github.com/haml/haml/commit/d0086ec86df3b26012a7b38b532b56b7eb60cbfc

github.com/haml/haml/commit/e1dbf817e7bd03f825ad4da943c3b7d80053c63d

github.com/haml/haml/issues/901

github.com/haml/haml/pull/902

lists.debian.org/debian-lts-announce/2019/11/msg00007.html

lists.debian.org/debian-lts-announce/2021/12/msg00028.html

security.gentoo.org/glsa/202007-27

0.002 Low

EPSS

Percentile

61.9%

JSON

Related for VERACODE:4219