GHSA-r5hc-9xx5-97rw

Source

https://github.com/advisories/GHSA-r5hc-9xx5-97rw

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-r5hc-9xx5-97rw/GHSA-r5hc-9xx5-97rw.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-r5hc-9xx5-97rw

Aliases

CVE-2013-4492

Published

2017-10-24T18:33:37Z

Modified

2024-12-06T05:35:08.105924Z

Summary

i18n gem Cross-site Scripting vulnerability

Details

Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call.

Database specific

{
    "nvd_published_at": "2013-12-07T00:55:00Z",
    "severity": "MODERATE",
    "github_reviewed_at": "2020-06-16T21:53:45Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

RubyGems / i18n

Package

Name: i18n
Purl: pkg:gem/i18n

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.6.6

Affected versions

0.*

0.1.0

0.2.0

0.2.1

0.3.0

0.3.1

0.3.2

0.3.3

0.3.4

0.3.5

0.3.6.pre

0.3.6

0.3.7

0.4.0.beta

0.4.0.beta1

0.4.0

0.4.1

0.4.2

0.5.0beta1

0.5.0beta2

0.5.0beta3

0.5.0

0.5.2

0.5.3

0.5.4

0.6.0beta1

0.6.0

0.6.1

0.6.2

0.6.3

0.6.4

0.6.5