The regular expression engine in JRuby prior to 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via a crafted string.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
jruby jruby 1.3.0 |
||
jruby jruby 1.1.6 |
||
jruby jruby 1.1 |
||
jruby jruby 1.1.2 |
||
jruby jruby 1.0.3 |
||
jruby jruby 0.9.8 |
||
jruby jruby 0.9.2 |
||
jruby jruby 1.4.0 |
||
jruby jruby 1.3.1 |
||
jruby jruby 1.1.1 |
||
jruby jruby 1.0.2 |
||
jruby jruby 1.0.0 |
||
jruby jruby 1.2.0 |
||
jruby jruby 1.1.4 |
||
jruby jruby 1.1.5 |
||
jruby jruby 1.0.1 |
||
jruby jruby 0.9.0 |
||
jruby jruby |
||
jruby jruby 1.1.3 |
||
jruby jruby 0.9.9 |
||
jruby jruby 0.9.1 |