Reflective XSS Vulnerability in Ruby on Rails
Published: December 03, 2013
SECURITY IDENTIFIERS
- CVE: CVE-2013-4491 (NVD)
- GHSA: GHSA-699m-mcjm-9cw8
- OSVDB: OSVDB-100528
- Vendor Advisory: https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998
GEM
FRAMEWORK
SEVERITY
CVSS v2.0: 4.3 (Medium)
PATCHED VERSIONS
~> 3.2.16
>= 4.0.2
DESCRIPTION
There is a vulnerability in the internationalization component of Ruby on Rails. Under certain common configurations, an attacker can provide specially crafted input that will execute a reflective XSS attack.
The root cause of this issue is a vulnerability in the i18n gem which has been assigned the identifier CVE-2013-4492.
