i18n missing translation error message XSS
Published: December 03, 2013
SECURITY IDENTIFIERS
- CVE: CVE-2013-4492 (NVD)
- GHSA: GHSA-r5hc-9xx5-97rw
- OSVDB: OSVDB-100528
- Vendor Advisory: https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998
GEM
SEVERITY
CVSS v2.0: 4.3 (Medium)
PATCHED VERSIONS
~> 0.5.1
>= 0.6.6
DESCRIPTION
The HTML exception message raised by I18n::MissingTranslation does not HTML-escape the translation keys it includes, so markup contained in a key is rendered as-is (XSS).
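
The following is an added example, not code from the i18n gem or from this advisory. It models the class of bug described above and the escaping that closes it. The class name, method names, span markup and sample key are all assumptions made for illustration.

```ruby
require "erb"

# Hypothetical stand-in for a missing-translation error. This is an
# illustration, not the i18n gem's class, and the span markup is assumed.
class MissingTranslationDemo
  attr_reader :keys

  def initialize(locale, key)
    # Keys are frequently built from request data (params, path segments).
    @keys = [locale, *key.to_s.split(".")]
  end

  # Keys interpolated as-is: the failure mode the advisory describes.
  def html_message_unescaped
    %(<span class="translation_missing" title="translation missing: #{keys.join('.')}">#{keys.last}</span>)
  end

  # Keys escaped before they reach either the attribute or the element body.
  def html_message_escaped
    path  = ERB::Util.html_escape(keys.join("."))
    label = ERB::Util.html_escape(keys.last)
    %(<span class="translation_missing" title="translation missing: #{path}">#{label}</span>)
  end
end

# Constructed sample key: closes the title attribute, then adds an element.
SAMPLE_KEY = %(users."><b>injected</b>)

# Regression check: true when the key's markup survives into the output.
def raw_markup?(html)
  html.include?("<b>injected</b>")
end

if __FILE__ == $PROGRAM_NAME
  err = MissingTranslationDemo.new(:en, SAMPLE_KEY)
  puts err.html_message_unescaped
  puts err.html_message_escaped
end
```

A check like raw_markup? can serve as a regression test in an application's own suite: render the missing-translation output for a key containing markup and assert that none of it appears unescaped.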
