In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: dwf
Published: 2019-10-15T17:35:57
Updated: 2024-08-05T22:08:11.499Z
Reserved: 2019-10-15T00:00:00
Link: CVE-2017-1002201
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-10-15T18:15:10.560
Modified: 2022-04-05T20:53:33.597
Link: CVE-2017-1002201
Redhat
No data.