Jruby : Security Vulnerabilities, CVEs, (XSS)
The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.
Max CVSS
4.3
EPSS Score
0.47%
Published
2012-11-23
Updated
2021-01-12
1 vulnerabilities found