ADVISORIES
GEM
SEVERITY
CVSS v3.x: 6.1 (Medium)
CVSS v2.0: 4.3 (Medium)
PATCHED VERSIONS
- >= 5.0.0.beta.2
DESCRIPTION
In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code.