Server side cross-site scripting In org.jruby:jruby-stdlib
Description
RubyGems Cross-site Scripting vulnerability RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack requires the victim to browse to a malicious gem on a vulnerable gem server. This vulnerability is fixed in 2.7.6.
Mitigation
Update Impact
Minimal update. May introduce new vulnerabilities or breaking changes.
Ecosystem | Package | Affected version | Patched versions |
|---|---|---|---|
 maven | 9.1.16.0 | ||
 debian 14 | 3.2.0~rc.1-1 | ||
debian 13 | 3.2.0~rc.1-1 | ||
debian 13 | 9.1.17.0-1 | ||
debian 11 | 3.2.0~rc.1-1 | ||
 rubygems | 2.7.6 | ||
debian 12 | 9.1.17.0-1 | ||
debian 14 | 9.1.17.0-1 | ||
debian 12 | 3.2.0~rc.1-1 | ||
 rpm rhel7.6 | 0:2.0.0.648-36.el7_6 |
1-10 of 13
10
Aliases
References