CVE-2010-1330
EPSS 0.43%Cross-site Scripting in in JRuby
Published: 5/2/2022Modified: 4/28/2026
Also known as:DEBIAN-CVE-2010-1330
Description
The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.
Affected packages (2)
- Debian/jrubyfrom 0, < 1.5.0~rc1-1
- Maven/org.jruby:jruby-corefrom 0, < 1.4.1
References (10)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2010-1330
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2010-1330
- PATCHhttps://github.com/jruby/jruby
- WEBhttp://rhn.redhat.com/errata/RHSA-2011-1456.html
- WEBhttps://bugs.gentoo.org/show_bug.cgi?id=317435
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=750306
- WEBhttp://secunia.com/advisories/46891
- WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/80277
- WEBhttp://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability.html
- WEBhttp://www.osvdb.org/77297