Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2017-1002201
PUBLISHED
More InfoOfficial Page
Assigner-dwf
Assigner Org ID-7556d962-6fb7-411e-85fa-6cd62f095ba8
View Known Exploited Vulnerability (KEV) details
Published At-15 Oct, 2019 | 17:35
Updated At-05 Aug, 2024 | 22:08
Rejected At-
▼CVE Numbering Authority (CNA)

In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code.

Affected Products
Vendor
http://haml.info/
Product
haml
Versions
Affected
  • All versions prior to version 5.0.0.beta.2
Problem Types
TypeCWE IDDescription
textN/ACross-site Scripting (XSS)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/haml/haml/commit/18576ae6e9bdcb4303fdbe6b3199869d289d67c2
x_refsource_MISC
https://snyk.io/vuln/SNYK-RUBY-HAML-20362
x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2019/11/msg00007.html
mailing-list
x_refsource_MLIST
https://security.gentoo.org/glsa/202007-27
vendor-advisory
x_refsource_GENTOO
https://lists.debian.org/debian-lts-announce/2021/12/msg00028.html
mailing-list
x_refsource_MLIST
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/haml/haml/commit/18576ae6e9bdcb4303fdbe6b3199869d289d67c2
x_refsource_MISC
x_transferred
https://snyk.io/vuln/SNYK-RUBY-HAML-20362
x_refsource_CONFIRM
x_transferred
https://lists.debian.org/debian-lts-announce/2019/11/msg00007.html
mailing-list
x_refsource_MLIST
x_transferred
https://security.gentoo.org/glsa/202007-27
vendor-advisory
x_refsource_GENTOO
x_transferred
https://lists.debian.org/debian-lts-announce/2021/12/msg00028.html
mailing-list
x_refsource_MLIST
x_transferred
Details not found