CVE-2010-1330

Published Nov 23, 2012
Last updated 3 months ago
CVSS info 4.3
Overview

Description: The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.
Source: cve@mitre.org
NVD status: Modified
Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses

nvd@nist.gov: CWE-79
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:jruby:jruby:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B80E8A57-557B-4D0D-B8E1-5ACFC3864076",
            "versionEndIncluding": "1.4.0"
          },
          {
            "criteria": "cpe:2.3:a:jruby:jruby:0.9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8ECBD08-C9A8-4792-AA14-86DCF91ADD89"
          },
          {
            "criteria": "cpe:2.3:a:jruby:jruby:0.9.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48B3DCBA-8AE8-4881-BC18-0E42744C1BA2"
          },
          {
            "criteria": "cpe:2.3:a:jruby:jruby:0.9.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07D80333-29EC-4B02-BA8E-C0AE60BE6995"
          },
          {
            "criteria": "cpe:2.3:a:jruby:jruby:0.9.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19C4CED7-9603-4DCD-A4A2-E4C7347E6012"
          },
          {
            "criteria": "cpe:2.3:a:jruby:jruby:0.9.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA5DA067-102D-4E1D-B4AD-D8BF8AF91784"
          },
          {
            "criteria": "cpe:2.3:a:jruby:jruby:1.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE7F90C2-F634-44F7-AD72-87510766CA70"
          },
          {
            "criteria": "cpe:2.3:a:jruby:jruby:1.0.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "711C01B9-73B3-4AD9-B2EF-EB6B1CEB0CAC"
          },
          {
            "criteria": "cpe:2.3:a:jruby:jruby:1.0.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65C64ADD-B3D5-4B61-B14A-8DEEB2E1454E"
          },
          {
            "criteria": "cpe:2.3:a:jruby:jruby:1.0.0:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98C80996-F729-4995-9A47-8A702B1FE3E6"
          },
          {
            "criteria": "cpe:2.3:a:jruby:jruby:1.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11128A71-8F6D-433A-AC80-676F9037A1C4"
          },
          {
            "criteria": "cpe:2.3:a:jruby:jruby:1.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3044A80-8363-4D7B-AB01-CADBFA3E1924"
          },
          {
            "criteria": "cpe:2.3:a:jruby:jruby:1.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20D15245-4C9C-4908-B8E2-4A2911411D24"
          },
          {
            "criteria": "cpe:2.3:a:jruby:jruby:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "61AC6C28-AFE2-452F-9A41-C2D6C8325F22"
          },
          {
            "criteria": "cpe:2.3:a:jruby:jruby:1.1:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1CD53B5-AF00-4BC0-8EFF-90A9B0E59AD6"
          },
          {
            "criteria": "cpe:2.3:a:jruby:jruby:1.1:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABBB5044-5CE4-4468-AFFC-33EB990B439D"
          },
          {
            "criteria": "cpe:2.3:a:jruby:jruby:1.1:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68690546-7A76-461F-BBE1-75A7623941C7"
          },
          {
            "criteria": "cpe:2.3:a:jruby:jruby:1.1:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63D29E5A-E9D1-42E5-BC0C-178346C2BC9B"
          },
          {
            "criteria": "cpe:2.3:a:jruby:jruby:1.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94054B2C-AB94-4933-93E5-614066161723"
          },
          {
            "criteria": "cpe:2.3:a:jruby:jruby:1.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E985731A-CBC1-4062-A7C4-2F024814EBEC"
          },
          {
            "criteria": "cpe:2.3:a:jruby:jruby:1.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "448C60BB-3AA6-4ED5-A331-F44F03C1A73F"
          },
          {
            "criteria": "cpe:2.3:a:jruby:jruby:1.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12940080-34DE-423B-81FE-FE11077FD2E9"
          },
          {
            "criteria": "cpe:2.3:a:jruby:jruby:1.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A2435BC-A0C7-4AFC-87A5-6D8DD61213BD"
          },
          {
            "criteria": "cpe:2.3:a:jruby:jruby:1.1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA36C6E8-FD6D-4837-9215-4E435002C872"
          },
          {
            "criteria": "cpe:2.3:a:jruby:jruby:1.1.6:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC70B7A2-C2A5-4C3F-A1EA-8E75615E427B"
          },
          {
            "criteria": "cpe:2.3:a:jruby:jruby:1.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5DF36A49-C7CA-443A-A417-280E2A9441DA"
          },
          {
            "criteria": "cpe:2.3:a:jruby:jruby:1.2.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41A7FE25-F683-4F98-8775-87BA051ABCC8"
          },
          {
            "criteria": "cpe:2.3:a:jruby:jruby:1.2.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5589BD4B-5D43-48C7-81CE-3B2D95430862"
          },
          {
            "criteria": "cpe:2.3:a:jruby:jruby:1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56EAA3B9-30D0-4AF2-B62B-1EC7500A6FDA"
          },
          {
            "criteria": "cpe:2.3:a:jruby:jruby:1.3.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "349F615A-2049-448E-BE34-97BA95B671AE"
          },
          {
            "criteria": "cpe:2.3:a:jruby:jruby:1.3.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25DFE1EC-A25C-4117-94AB-703F8BFA22B3"
          },
          {
            "criteria": "cpe:2.3:a:jruby:jruby:1.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81F0914B-600F-4B85-B014-B31B9D04C5B8"
          },
          {
            "criteria": "cpe:2.3:a:jruby:jruby:1.4.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CEDA605-20AC-4BA4-B5AF-F50F1E568A59"
          },
          {
            "criteria": "cpe:2.3:a:jruby:jruby:1.4.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6007AD9D-D375-45C6-AC10-54EB3C493EDC"
          },
          {
            "criteria": "cpe:2.3:a:jruby:jruby:1.4.0:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54071574-B344-468D-B331-0B354B15633D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References
