Description
In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code.
| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | not-affected | 5.0.4-3 |
| disco | not-affected | 5.0.4-3 |
| eoan | not-affected | 5.0.4-3 |
| esm-apps/bionic | needed | |
| esm-apps/focal | not-affected | 5.0.4-3 |
| esm-apps/jammy | not-affected | 5.0.4-3 |
| esm-apps/noble | not-affected | 5.0.4-3 |
| esm-apps/xenial | needed | |
| esm-infra-legacy/trusty | released | 4.0.5-2+deb8u1build0.14.04.1~esm1 |
EPSS
CVSS2: 4.3 Medium
CVSS3: 6.1 Medium