The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.jruby:jruby-core(Maven) | 0 | 1.4.1 | N/A |
CVSS Metrics
