fkie_cve-2010-1330
Vulnerability from fkie_nvd
Published
2012-11-23 19:55
Modified
2025-04-11 00:51
Severity ?
Summary
The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| jruby | jruby | * | |
| jruby | jruby | 0.9.0 | |
| jruby | jruby | 0.9.1 | |
| jruby | jruby | 0.9.2 | |
| jruby | jruby | 0.9.8 | |
| jruby | jruby | 0.9.9 | |
| jruby | jruby | 1.0.0 | |
| jruby | jruby | 1.0.0 | |
| jruby | jruby | 1.0.0 | |
| jruby | jruby | 1.0.0 | |
| jruby | jruby | 1.0.1 | |
| jruby | jruby | 1.0.2 | |
| jruby | jruby | 1.0.3 | |
| jruby | jruby | 1.1 | |
| jruby | jruby | 1.1 | |
| jruby | jruby | 1.1 | |
| jruby | jruby | 1.1 | |
| jruby | jruby | 1.1 | |
| jruby | jruby | 1.1.1 | |
| jruby | jruby | 1.1.2 | |
| jruby | jruby | 1.1.3 | |
| jruby | jruby | 1.1.4 | |
| jruby | jruby | 1.1.5 | |
| jruby | jruby | 1.1.6 | |
| jruby | jruby | 1.1.6 | |
| jruby | jruby | 1.2.0 | |
| jruby | jruby | 1.2.0 | |
| jruby | jruby | 1.2.0 | |
| jruby | jruby | 1.3.0 | |
| jruby | jruby | 1.3.0 | |
| jruby | jruby | 1.3.0 | |
| jruby | jruby | 1.3.1 | |
| jruby | jruby | 1.4.0 | |
| jruby | jruby | 1.4.0 | |
| jruby | jruby | 1.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jruby:jruby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B80E8A57-557B-4D0D-B8E1-5ACFC3864076",
"versionEndIncluding": "1.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jruby:jruby:0.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E8ECBD08-C9A8-4792-AA14-86DCF91ADD89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jruby:jruby:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48B3DCBA-8AE8-4881-BC18-0E42744C1BA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jruby:jruby:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "07D80333-29EC-4B02-BA8E-C0AE60BE6995",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jruby:jruby:0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "19C4CED7-9603-4DCD-A4A2-E4C7347E6012",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jruby:jruby:0.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5DA067-102D-4E1D-B4AD-D8BF8AF91784",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jruby:jruby:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AE7F90C2-F634-44F7-AD72-87510766CA70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jruby:jruby:1.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "711C01B9-73B3-4AD9-B2EF-EB6B1CEB0CAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jruby:jruby:1.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "65C64ADD-B3D5-4B61-B14A-8DEEB2E1454E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jruby:jruby:1.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "98C80996-F729-4995-9A47-8A702B1FE3E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jruby:jruby:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11128A71-8F6D-433A-AC80-676F9037A1C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jruby:jruby:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B3044A80-8363-4D7B-AB01-CADBFA3E1924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jruby:jruby:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "20D15245-4C9C-4908-B8E2-4A2911411D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jruby:jruby:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "61AC6C28-AFE2-452F-9A41-C2D6C8325F22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jruby:jruby:1.1:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E1CD53B5-AF00-4BC0-8EFF-90A9B0E59AD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jruby:jruby:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "ABBB5044-5CE4-4468-AFFC-33EB990B439D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jruby:jruby:1.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "68690546-7A76-461F-BBE1-75A7623941C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jruby:jruby:1.1:rc3:*:*:*:*:*:*",
"matchCriteriaId": "63D29E5A-E9D1-42E5-BC0C-178346C2BC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jruby:jruby:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "94054B2C-AB94-4933-93E5-614066161723",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jruby:jruby:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E985731A-CBC1-4062-A7C4-2F024814EBEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jruby:jruby:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "448C60BB-3AA6-4ED5-A331-F44F03C1A73F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jruby:jruby:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "12940080-34DE-423B-81FE-FE11077FD2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jruby:jruby:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9A2435BC-A0C7-4AFC-87A5-6D8DD61213BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jruby:jruby:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FA36C6E8-FD6D-4837-9215-4E435002C872",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jruby:jruby:1.1.6:rc1:*:*:*:*:*:*",
"matchCriteriaId": "FC70B7A2-C2A5-4C3F-A1EA-8E75615E427B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jruby:jruby:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5DF36A49-C7CA-443A-A417-280E2A9441DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jruby:jruby:1.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "41A7FE25-F683-4F98-8775-87BA051ABCC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jruby:jruby:1.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5589BD4B-5D43-48C7-81CE-3B2D95430862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jruby:jruby:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56EAA3B9-30D0-4AF2-B62B-1EC7500A6FDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jruby:jruby:1.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "349F615A-2049-448E-BE34-97BA95B671AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jruby:jruby:1.3.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "25DFE1EC-A25C-4117-94AB-703F8BFA22B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jruby:jruby:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81F0914B-600F-4B85-B014-B31B9D04C5B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jruby:jruby:1.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7CEDA605-20AC-4BA4-B5AF-F50F1E568A59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jruby:jruby:1.4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6007AD9D-D375-45C6-AC10-54EB3C493EDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jruby:jruby:1.4.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "54071574-B344-468D-B331-0B354B15633D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The regular expression engine in JRuby before 1.4.1, when $KCODE is set to \u0027u\u0027, does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string."
},
{
"lang": "es",
"value": "El motor de expresiones regulares en JRuby anterior a v1.4.1, cuando $KCODE est\u00e1 fijado en \u0027u\u0027, no trata correctamente los caracteres inmediatamente despu\u00e9s de caracteres UTF-8, permitiendo a atacantes remotos realizar ataques de tipo \"cross-site scripting\" (XSS) mediante una cadena manipulada."
}
],
"id": "CVE-2010-1330",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-11-23T19:55:01.273",
"references": [
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2011-1456.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46891"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/77297"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=317435"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=750306"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80277"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2011-1456.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/77297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=317435"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=750306"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80277"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…