ADVISORIES
- CVE-2013-2105 (NVD)
- OSVDB-93490
GEM
PATCHED VERSIONS
None.
DESCRIPTION
Show In Browser Gem for Ruby contains a flaw that is triggered when the application does not validate input passed via the /tmp/browser.html file. This may allow a local attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser.