RubySec

Providing security resources for the Ruby community

CVE-2013-4492 (i18n): i18n missing translation error message XSS

ADVISORIES

GEM

i18n

SEVERITY

CVSS v2.0: 4.3 (Medium)

PATCHED VERSIONS

  • ~> 0.5.1
  • >= 0.6.6

DESCRIPTION

The HTML exception message raised by I18n::MissingTranslation fails to escape the keys.

Contact us @rubysec or open an issue on our GitHub repository.

Recent Advisories