Date: Wed, 19 Mar 2014 14:05:19 +0100 From: Marcus Meissner <meissner@...e.de> To: OSS Security List <oss-security@...ts.openwall.com> Subject: CVE Request: rack-ssl rubygem: XSS in error page Hi, The latest version of rack-ssl rubygem (1.4.0) contains a commit that fixes a XSS vulnerability in the error page. https://github.com/josh/rack-ssl/commit/9d7d7300b907e496db68d89d07fbc2e0df0b487b "Some adapters (i.e. jruby-rack) will pass through bad URIs, then display the resulting exception. This creates an attack vector for XSS attacks. " Needs a CVE I think. Ciao, Marcus
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ