CVE-2014-2538
Published Mar 25, 2014
Last updated 9 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters such as JRuby-Rack.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joshua_peek:rack-ssl:*:*:*:*:*:ruby:*:*",
"vulnerable": true,
"matchCriteriaId": "C848D49F-B55F-46DD-8AAE-5AD6A133901F",
"versionEndIncluding": "1.3.4"
},
{
"criteria": "cpe:2.3:a:joshua_peek:rack-ssl:1.0.0:*:*:*:*:ruby:*:*",
"vulnerable": true,
"matchCriteriaId": "530729F2-19BA-4FFA-910A-CA163F27E47D"
},
{
"criteria": "cpe:2.3:a:joshua_peek:rack-ssl:1.1.0:*:*:*:*:ruby:*:*",
"vulnerable": true,
"matchCriteriaId": "5944F53F-D143-402E-AE1F-2B47D9746F4E"
},
{
"criteria": "cpe:2.3:a:joshua_peek:rack-ssl:1.2.0:*:*:*:*:ruby:*:*",
"vulnerable": true,
"matchCriteriaId": "F7236857-6F1C-4BE8-A034-7FC414CE677A"
},
{
"criteria": "cpe:2.3:a:joshua_peek:rack-ssl:1.3.0:*:*:*:*:ruby:*:*",
"vulnerable": true,
"matchCriteriaId": "77AD6600-A01A-403B-9C5F-BC4749713E5E"
},
{
"criteria": "cpe:2.3:a:joshua_peek:rack-ssl:1.3.1:*:*:*:*:ruby:*:*",
"vulnerable": true,
"matchCriteriaId": "007D6379-E107-4207-A978-852E89627398"
},
{
"criteria": "cpe:2.3:a:joshua_peek:rack-ssl:1.3.2:*:*:*:*:ruby:*:*",
"vulnerable": true,
"matchCriteriaId": "17C61C60-BC71-44C5-87BB-E2D1C93FAA8B"
},
{
"criteria": "cpe:2.3:a:joshua_peek:rack-ssl:1.3.3:*:*:*:*:ruby:*:*",
"vulnerable": true,
"matchCriteriaId": "EDE54BBF-FEB8-475C-8F9F-4DF439A1559E"
}
],
"operator": "OR"
}
]
}
]