VDB

GCVE-110-MAGEIA-2014-156

GCVE-110-MAGEIA-2014-156
Advisory Published
Vulnetix · Advisory published April 3, 2014
Updated ruby-rack-ssl packages fix security vulnerabilities: Cross-site scripting (XSS) vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters such as JRuby-Rack (CVE-2014-2538).

Affected Products

VendorProductVersionsPlatforms
Mageiastar0 (affected), 1.5a89-2.2.mga3 (unaffected)
Mageiaruby-rack-ssl0 (affected), 1.3.3-3.1.mga4 (unaffected), 0 (affected), 1.3.3-3.1.mga4 (unaffected)
Mageiaruby-rack-ssl0 (affected), 1.3.2-3.1.mga3 (unaffected), 0 (affected), 1.3.2-3.1.mga3 (unaffected)

Browse GCVE Records

73,118 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›