CVE-2010-1330

The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.
Cross-site Scripting
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | NIST | 4.3 UNKNOWN | NETWORK | MEDIUM | | AV:N/AC:M/Au:N/C:N/I:P/A:N
mitre | CNA | --- | ---
CVE | ADP | --- | ---
EPSS Score
Percentile: 61%
Vendor | Product | Version
jruby | jruby | 𝑥 ≤ 1.4.0
jruby | jruby | 0.9.0
jruby | jruby | 0.9.1
jruby | jruby | 0.9.2
jruby | jruby | 0.9.8
jruby | jruby | 0.9.9
jruby | jruby | 1.0.0
jruby | jruby | 1.0.0:rc1
jruby | jruby | 1.0.0:rc2
jruby | jruby | 1.0.0:rc3
jruby | jruby | 1.0.1
jruby | jruby | 1.0.2
jruby | jruby | 1.0.3
jruby | jruby | 1.1
jruby | jruby | 1.1:beta1
jruby | jruby | 1.1:rc1
jruby | jruby | 1.1:rc2
jruby | jruby | 1.1:rc3
jruby | jruby | 1.1.1
jruby | jruby | 1.1.2
jruby | jruby | 1.1.3
jruby | jruby | 1.1.4
jruby | jruby | 1.1.5
jruby | jruby | 1.1.6
jruby | jruby | 1.1.6:rc1
jruby | jruby | 1.2.0
jruby | jruby | 1.2.0:rc1
jruby | jruby | 1.2.0:rc2
jruby | jruby | 1.3.0
jruby | jruby | 1.3.0:rc1
jruby | jruby | 1.3.0:rc2
jruby | jruby | 1.3.1
jruby | jruby | 1.4.0:rc1
jruby | jruby | 1.4.0:rc2
jruby | jruby | 1.4.0:rc3
𝑥 = Vulnerable software versions
Debian Releases
Debian Product | Codename | Version | Status
jruby | bookworm | 9.3.9.0+ds-8 | fixed
jruby | sid | 9.4.8.0+ds-1 | fixed
jruby | trixie | 9.4.8.0+ds-1 | fixed