ADVISORIES
- CVE-2013-4491 (NVD)
- GHSA-699m-mcjm-9cw8
- OSVDB-100528
- Vendor Advisory
GEM
FRAMEWORK
SEVERITY
CVSS v2.0: 4.3 (Medium)
PATCHED VERSIONS
- ~> 3.2.16
- >= 4.0.2
DESCRIPTION
There is a vulnerability in the internationalization component of Ruby on Rails. Under certain common configurations an attacker can provide specially crafted input which will execute a reflective XSS attack.
The root cause of this issue is a vulnerability in the i18n gem which has been assigned the identifier CVE-2013-4492.