MGASA-2014-0156

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2014-0156.html

Import Source

https://advisories.mageia.org/MGASA-2014-0156.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2014-0156

Upstream

CVE-2014-2538

Published

2014-04-03T13:23:20Z

Modified

2026-04-16T06:25:43.961292988Z

Summary

Updated ruby-rack-ssl packages fix CVE-2014-2538

Details

Updated ruby-rack-ssl packages fix security vulnerabilities:

Cross-site scripting (XSS) vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters such as JRuby-Rack (CVE-2014-2538).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:3 / ruby-rack-ssl

Package

Name: ruby-rack-ssl
Purl: pkg:rpm/mageia/ruby-rack-ssl?arch=source&distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.2-3.1.mga3

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2014-0156.json"

Mageia:4 / ruby-rack-ssl

Package

Name: ruby-rack-ssl
Purl: pkg:rpm/mageia/ruby-rack-ssl?arch=source&distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.3-3.1.mga4

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2014-0156.json"