CVE-2017-1002201
Description
In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.825
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in IBM Aspera Shares 1.10.1 | Windows |
| Vulnerabilities CVE-2017-1002201 are fixed in Ruby-haml 5.0.0 | Windows |
| Vulnerabilities CVE-2017-1002201 are fixed in Ruby-haml for Linux 5.0.0 | Linux |
Patch Details
No records found