RubySec

Providing security resources for the Ruby community

CVE-2013-2105 (show_in_browser): Show In Browser Gem for Ruby /tmp/browser.html Arbitrary Script Injection

GEM

show_in_browser

PATCHED VERSIONS

None.

DESCRIPTION

Show In Browser Gem for Ruby contains a flaw that is triggered when the application does not validate input passed via the /tmp/browser.html file. This may allow a local attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser.
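
Since no patched version is listed, code that needs this behaviour has to write the HTML somewhere other local users cannot reach. The Ruby below is an added example, not code from the show_in_browser gem or from RubySec; it assumes the weakness comes from the fixed file name in a shared temporary directory, and `write_private_html` and `safe_to_open?` are hypothetical helper names.

```ruby
require "tmpdir"

# Hypothetical helpers for illustration; not the show_in_browser gem's API.
# Assumption: the risk comes from a fixed name (/tmp/browser.html) in a
# directory that every local user can write to.

# Write the HTML into a freshly created directory that only this user can
# enter (Dir.mktmpdir makes it mode 0700 with an unpredictable name).
def write_private_html(html)
  dir  = Dir.mktmpdir("preview-")
  path = File.join(dir, "browser.html")
  # EXCL makes the open fail if anything, including a symlink, already
  # exists at the path, so this process is always the creator.
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
    f.write(html)
  end
  path
end

# Strict pre-open check: a regular file (not a symlink) owned by us, with no
# group/other write bit on the file or on its parent directory.
def safe_to_open?(path)
  file   = File.lstat(path)
  parent = File.stat(File.dirname(path))
  me     = Process.euid
  file.file? && file.uid == me && (file.mode & 0o022).zero? &&
    parent.uid == me && (parent.mode & 0o022).zero?
rescue SystemCallError
  false
end

if __FILE__ == $PROGRAM_NAME
  page = write_private_html("<h1>constructed sample page</h1>")
  puts "#{page} safe=#{safe_to_open?(page)}"
  puts "/tmp/browser.html safe=#{safe_to_open?('/tmp/browser.html')}"
end
```

The check is deliberately strict: any file placed directly in a world-writable directory such as /tmp is rejected, whoever owns it.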