ADVISORIES

• CVE-2013-4318 (NVD)
• GHSA-42gq-h7xj-33r4
• OSVDB-96975

GEM

features

SEVERITY

CVSS v3.x: 5.4 (Medium)

PATCHED VERSIONS

None.

DESCRIPTION

Features Gem for Ruby contains a flaw that allows a local cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain input upon submission to /tmp/out.html. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser within the trust relationship between their browser and the server.