CVE-2014-2538: Exception disclosure on malformed URI

March 25, 2014 (updated October 8, 2015)

Some adapters (i.e. jruby-rack) will pass through bad URIs, then display the resulting exception. This creates an attack vector for XSS attacks.

References

github.com/josh/rack-ssl/commit/9d7d7300b907e496db68d89d07fbc2e0df0b487b
github.com/josh/rack-ssl/pull/34

Detect and mitigate CVE-2014-2538 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →