CVE-2013-4492 (Medium) detected in i18n-0.5.0.gem
mend-bolt-for-github opened this issue
CVE-2013-4492 - Medium Severity Vulnerability
Vulnerable Library - i18n-0.5.0.gem
New wave Internationalization support for Ruby.
Library home page: https://rubygems.org/gems/i18n-0.5.0.gem
Dependency Hierarchy:
- rails-3.0.9.gem (Root Library)
  - activeresource-3.0.9.gem
    - activemodel-3.0.9.gem
      - ❌ i18n-0.5.0.gem (Vulnerable Library)
Found in HEAD commit: 0c785fd9400921392b8ee5e3e166f30364359ecc
Found in base branch: master
Vulnerability Details
Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call.
Publish Date: 2013-12-07
URL: CVE-2013-4492
CVSS 3 Score Details (5.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: N/A
  - Attack Complexity: N/A
  - Privileges Required: N/A
  - User Interaction: N/A
  - Scope: N/A
- Impact Metrics:
  - Confidentiality Impact: N/A
  - Integrity Impact: N/A
  - Availability Impact: N/A
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2013-4492
Release Date: 2013-12-07
Fix Resolution: 0.6.6