Candidate: CVE-2014-2538
PublicDate: 2014-03-25 18:21:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2538
 https://github.com/josh/rack-ssl/commit/9d7d7300b907e496db68d89d07fbc2e0df0b487b
Description:
 Cross-site scripting (XSS) vulnerability in lib/rack/ssl.rb in the rack-ssl
 gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web
 script or HTML via a URI, which might not be properly handled by
 third-party adapters such as JRuby-Rack.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742186
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_ruby-rack-ssl:
upstream_ruby-rack-ssl: needs-triage
lucid_ruby-rack-ssl: DNE
precise_ruby-rack-ssl: DNE
precise/esm_ruby-rack-ssl: DNE
quantal_ruby-rack-ssl: ignored (reached end-of-life)
saucy_ruby-rack-ssl: ignored (reached end-of-life)
trusty_ruby-rack-ssl: ignored (reached end-of-life)
trusty/esm_ruby-rack-ssl: DNE (trusty was needed)
utopic_ruby-rack-ssl: ignored (reached end-of-life)
vivid_ruby-rack-ssl: ignored (reached end-of-life)
vivid/stable-phone-overlay_ruby-rack-ssl: DNE
vivid/ubuntu-core_ruby-rack-ssl: DNE
wily_ruby-rack-ssl: ignored (reached end-of-life)
xenial_ruby-rack-ssl: not-affected (1.3.2-4)
yakkety_ruby-rack-ssl: ignored (reached end-of-life)
zesty_ruby-rack-ssl: ignored (reached end-of-life)
artful_ruby-rack-ssl: ignored (reached end-of-life)
bionic_ruby-rack-ssl: not-affected (1.3.2-4)
cosmic_ruby-rack-ssl: not-affected (1.3.2-4)
disco_ruby-rack-ssl: not-affected (1.3.2-4)
devel_ruby-rack-ssl: not-affected (1.3.2-4)