{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-04-26T00:00:00", "descriptions": [{"lang": "en", "value": "The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=750306"}, {"name": "RHSA-2011:1456", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2011-1456.html"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=317435"}, {"name": "77297", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/77297"}, {"name": "46891", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/46891"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability.html"}, {"name": "jruby-expression-engine-xss(80277)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80277"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-1330", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=750306", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=750306"}, {"name": "RHSA-2011:1456", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2011-1456.html"}, {"name": "https://bugs.gentoo.org/show_bug.cgi?id=317435", "refsource": "MISC", "url": "https://bugs.gentoo.org/show_bug.cgi?id=317435"}, {"name": "77297", "refsource": "OSVDB", "url": "http://www.osvdb.org/77297"}, {"name": "46891", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46891"}, {"name": "http://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability.html", "refsource": "CONFIRM", "url": "http://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability.html"}, {"name": "jruby-expression-engine-xss(80277)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80277"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T01:21:18.254Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=750306"}, {"name": "RHSA-2011:1456", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2011-1456.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=317435"}, {"name": "77297", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/77297"}, {"name": "46891", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/46891"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability.html"}, {"name": "jruby-expression-engine-xss(80277)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80277"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-1330", "datePublished": "2012-11-23T19:00:00", "dateReserved": "2010-04-08T00:00:00", "dateUpdated": "2024-08-07T01:21:18.254Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jruby:jruby:*:*:*:*:*:*:*:*", "matchCriteriaId": "B80E8A57-557B-4D0D-B8E1-5ACFC3864076", "versionEndIncluding": "1.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:jruby:jruby:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "E8ECBD08-C9A8-4792-AA14-86DCF91ADD89", "vulnerable": true}, {"criteria": "cpe:2.3:a:jruby:jruby:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "48B3DCBA-8AE8-4881-BC18-0E42744C1BA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:jruby:jruby:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "07D80333-29EC-4B02-BA8E-C0AE60BE6995", "vulnerable": true}, {"criteria": "cpe:2.3:a:jruby:jruby:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "19C4CED7-9603-4DCD-A4A2-E4C7347E6012", "vulnerable": true}, {"criteria": "cpe:2.3:a:jruby:jruby:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "DA5DA067-102D-4E1D-B4AD-D8BF8AF91784", "vulnerable": true}, {"criteria": "cpe:2.3:a:jruby:jruby:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AE7F90C2-F634-44F7-AD72-87510766CA70", "vulnerable": true}, {"criteria": "cpe:2.3:a:jruby:jruby:1.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "711C01B9-73B3-4AD9-B2EF-EB6B1CEB0CAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:jruby:jruby:1.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "65C64ADD-B3D5-4B61-B14A-8DEEB2E1454E", "vulnerable": true}, {"criteria": "cpe:2.3:a:jruby:jruby:1.0.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "98C80996-F729-4995-9A47-8A702B1FE3E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:jruby:jruby:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "11128A71-8F6D-433A-AC80-676F9037A1C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:jruby:jruby:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B3044A80-8363-4D7B-AB01-CADBFA3E1924", "vulnerable": true}, {"criteria": "cpe:2.3:a:jruby:jruby:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "20D15245-4C9C-4908-B8E2-4A2911411D24", "vulnerable": true}, {"criteria": "cpe:2.3:a:jruby:jruby:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "61AC6C28-AFE2-452F-9A41-C2D6C8325F22", "vulnerable": true}, {"criteria": "cpe:2.3:a:jruby:jruby:1.1:beta1:*:*:*:*:*:*", "matchCriteriaId": "E1CD53B5-AF00-4BC0-8EFF-90A9B0E59AD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:jruby:jruby:1.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "ABBB5044-5CE4-4468-AFFC-33EB990B439D", "vulnerable": true}, {"criteria": "cpe:2.3:a:jruby:jruby:1.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "68690546-7A76-461F-BBE1-75A7623941C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:jruby:jruby:1.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "63D29E5A-E9D1-42E5-BC0C-178346C2BC9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:jruby:jruby:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "94054B2C-AB94-4933-93E5-614066161723", "vulnerable": true}, {"criteria": "cpe:2.3:a:jruby:jruby:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E985731A-CBC1-4062-A7C4-2F024814EBEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:jruby:jruby:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "448C60BB-3AA6-4ED5-A331-F44F03C1A73F", "vulnerable": true}, {"criteria": "cpe:2.3:a:jruby:jruby:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "12940080-34DE-423B-81FE-FE11077FD2E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:jruby:jruby:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "9A2435BC-A0C7-4AFC-87A5-6D8DD61213BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:jruby:jruby:1.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "FA36C6E8-FD6D-4837-9215-4E435002C872", "vulnerable": true}, {"criteria": "cpe:2.3:a:jruby:jruby:1.1.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "FC70B7A2-C2A5-4C3F-A1EA-8E75615E427B", "vulnerable": true}, {"criteria": "cpe:2.3:a:jruby:jruby:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5DF36A49-C7CA-443A-A417-280E2A9441DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:jruby:jruby:1.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "41A7FE25-F683-4F98-8775-87BA051ABCC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:jruby:jruby:1.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "5589BD4B-5D43-48C7-81CE-3B2D95430862", "vulnerable": true}, {"criteria": "cpe:2.3:a:jruby:jruby:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "56EAA3B9-30D0-4AF2-B62B-1EC7500A6FDA", "vulnerable": true}, {"criteria": "cpe:2.3:a:jruby:jruby:1.3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "349F615A-2049-448E-BE34-97BA95B671AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:jruby:jruby:1.3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "25DFE1EC-A25C-4117-94AB-703F8BFA22B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:jruby:jruby:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "81F0914B-600F-4B85-B014-B31B9D04C5B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:jruby:jruby:1.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "7CEDA605-20AC-4BA4-B5AF-F50F1E568A59", "vulnerable": true}, {"criteria": "cpe:2.3:a:jruby:jruby:1.4.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "6007AD9D-D375-45C6-AC10-54EB3C493EDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:jruby:jruby:1.4.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "54071574-B344-468D-B331-0B354B15633D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string."}, {"lang": "es", "value": "El motor de expresiones regulares en JRuby anterior a v1.4.1, cuando $KCODE est\u00e1 fijado en 'u', no trata correctamente los caracteres inmediatamente despu\u00e9s de caracteres UTF-8, permitiendo a atacantes remotos realizar ataques de tipo \"cross-site scripting\" (XSS) mediante una cadena manipulada."}], "id": "CVE-2010-1330", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-11-23T19:55:01.273", "references": [{"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2011-1456.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/46891"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability.html"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/77297"}, {"source": "cve@mitre.org", "url": "https://bugs.gentoo.org/show_bug.cgi?id=317435"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=750306"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80277"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2011-1456.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/46891"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.jruby.org/2010/04/26/jruby-1-4-1-xss-vulnerability.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/77297"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.gentoo.org/show_bug.cgi?id=317435"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=750306"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80277"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2011:1456", "cpe": "cpe:/a:redhat:jboss_soa_platform:5.1", "product_name": "Red Hat JBoss SOA Platform 5.1", "release_date": "2011-11-16T00:00:00Z"}], "bugzilla": {"description": "jruby: XSS in the regular expression engine when processing invalid UTF-8 byte sequences", "id": "750306", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=750306"}, "csaw": false, "cvss": {"cvss_base_score": "5.0", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "status": "verified"}, "cwe": "CWE-79", "details": ["The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string."], "name": "CVE-2010-1330", "public_date": "2010-04-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-1330\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-1330"], "threat_severity": "Moderate"}