CVE-2018-16471
Description
There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can influence the data returned by the scheme method on Rack::Request. Applications that expect the scheme to be limited to http or https and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not be impacted, but applications that bypass the escaping mechanisms, or do not use them, may be vulnerable.
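The description above amounts to two application-side defences: treat the value that request.scheme returns as untrusted input rather than as one of two known constants, and HTML-escape it (and the rest of the URL) before it is written into a page. The following is an added example, not code from Rack or from any of the products listed on this page; it uses only Ruby's standard library (CGI.escapeHTML) and assumes hypothetical helper names (validated_scheme, canonical_link_escaped, canonical_link_unescaped) with constructed sample values standing in for what request.scheme, request.host and request.path might return.

```ruby
# Added example (not Rack's own code): treat the value returned by
# Rack::Request#scheme as untrusted, constrain it to the two schemes the
# application actually expects, and HTML-escape anything that is emitted.
require 'cgi'

# The only schemes this application ever serves (assumption for the example).
ALLOWED_SCHEMES = %w[http https].freeze

# Returns the scheme if it is one the application expects, otherwise nil.
# Scheme names are case-insensitive, so compare in lower case.
def validated_scheme(raw_scheme)
  s = raw_scheme.to_s.downcase
  ALLOWED_SCHEMES.include?(s) ? s : nil
end

# Vulnerable pattern: the scheme is interpolated into HTML as-is, so if a
# request makes scheme return something other than http/https, that data
# lands in the response unescaped.
def canonical_link_unescaped(scheme, host, path)
  %(<link rel="canonical" href="#{scheme}://#{host}#{path}">)
end

# Hardened pattern: fall back to a fixed scheme when the value is not
# http/https, and escape the whole interpolated value (host and path are
# request-influenced as well, so they get the same treatment).
def canonical_link_escaped(scheme, host, path)
  safe_scheme = validated_scheme(scheme) || 'https'
  href = "#{safe_scheme}://#{host}#{path}"
  %(<link rel="canonical" href="#{CGI.escapeHTML(href)}">)
end

# Constructed sample inputs (not captured traffic): the first scheme is the
# expected case, the second is markup rather than a scheme name.
SAMPLE_CASES = [
  ['https', 'example.test', '/'],
  ['<b>not-a-scheme</b>', 'example.test', '/'],
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_CASES.each do |scheme, host, path|
    puts "unescaped: #{canonical_link_unescaped(scheme, host, path)}"
    puts "escaped:   #{canonical_link_escaped(scheme, host, path)}"
  end
end
```

Upgrading to the fixed Rack versions listed on this page is the primary remediation; the helper shows the defence in depth an application can apply independently of the framework version, which is exactly what protects the "bypass the escaping mechanisms" case the description calls out.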
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.168
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2018-16471,CVE-2018-16470 are fixed in Ruby-rack 2.0.6 | Windows |
| Vulnerabilities CVE-2018-16471 are fixed in Ruby-rack 1.6.11 | Windows |
| Multiple Vulnerabilities are affected in IBM Aspera Shares 1.10.1 | Windows |
| modular Ruby webserver interface (USN-4089-1) ruby-rack_1.6.4-3ubuntu0.1_all.deb | Linux |
| modular Ruby webserver interface (USN-4089-1) ruby-rack_1.6.4-4ubuntu0.1_all.deb | Linux |
| Vulnerabilities CVE-2018-16471,CVE-2018-16470 are fixed in Ruby-rack for Linux 2.0.6 | Linux |
| Vulnerabilities CVE-2018-16471 are fixed in Ruby-rack for Linux 1.6.11 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2018-16471
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16471