Show In Browser Gem for Ruby /tmp/browser.html Arbitrary Script Injection
Published: May 17, 2013
SECURITY IDENTIFIERS
- CVE: CVE-2013-2105 (NVD)
- GHSA: GHSA-9hx9-w2j6-rw76
- OSVDB: OSVDB-93490
GEM
PATCHED VERSIONS
None available.
DESCRIPTION
Show In Browser Gem for Ruby contains a flaw that is triggered when the application does not validate input passed via the /tmp/browser.html file. This may allow a local attacker to create a specially crafted request that would execute arbitrary script code in a user's browser.