Date: Wed, 19 Mar 2014 14:05:19 +0100
From: Marcus Meissner <>
To: OSS Security List <>
Subject: CVE Request: rack-ssl rubygem: XSS in error page


The latest version of rack-ssl rubygem (1.4.0) contains a commit that fixes an
XSS vulnerability in the error page.

"Some adapters (i.e. jruby-rack) will pass through bad URIs, then display
the resulting exception. This creates an attack vector for XSS attacks."

Needs a CVE I think.

Ciao, Marcus
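
The failure mode described in the quoted commit message, as an added example that is not part of the original post and is not rack-ssl's own code: a hypothetical Rack-style handler renders a URI parse exception into an HTML error page, first verbatim and then HTML-escaped. The names `handle_vulnerable`, `handle_hardened`, `error_page` and the sample request are constructed for illustration.

```ruby
require "uri"
require "erb"

# Hypothetical response headers for the HTML error page (assumption, not from the post).
HEADERS = { "content-type" => "text/html; charset=utf-8" }.freeze

# Constructed sample request: the adapter passed a malformed URI through unchanged.
SAMPLE_ENV = { "REQUEST_URI" => "/login<em>injected</em>" }.freeze

# Minimal error page template; whatever is passed in lands inside HTML markup.
def error_page(message)
  "<html><body><h1>Bad Request</h1><p>#{message}</p></body></html>"
end

# Before: URI::InvalidURIError#message quotes the request-supplied URI, and the
# handler writes it into the page as-is, so markup in the URI becomes markup
# in the response.
def handle_vulnerable(env)
  uri = URI.parse(env["REQUEST_URI"])
  [200, HEADERS, ["ok: #{ERB::Util.html_escape(uri.path)}"]]
rescue URI::InvalidURIError => e
  [400, HEADERS, [error_page(e.message)]]
end

# After: anything derived from the request is HTML-escaped before it reaches
# the page, so the browser shows the characters instead of interpreting them.
def handle_hardened(env)
  uri = URI.parse(env["REQUEST_URI"])
  [200, HEADERS, ["ok: #{ERB::Util.html_escape(uri.path)}"]]
rescue URI::InvalidURIError => e
  [400, HEADERS, [error_page(ERB::Util.html_escape(e.message))]]
end

if __FILE__ == $PROGRAM_NAME
  puts handle_vulnerable(SAMPLE_ENV)[2].first
  puts handle_hardened(SAMPLE_ENV)[2].first
end
```
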
