
CVE-2013-1857: actionpack Cross-site Scripting vulnerability

CVSS Score: N/A

Basic Information

EPSS Score: 0.69231%
Published: 10/24/2017
Updated: 11/10/2023
KEV Status: No
Technology: Ruby

Technical Details

CVSS Vector: -

Package Name   Ecosystem   Vulnerable Versions   First Patched Version
actionpack     rubygems    < 2.3.18              2.3.18
actionpack     rubygems    >= 3.0.0, < 3.1.12    3.1.12
actionpack     rubygems    >= 3.2.0, < 3.2.13    3.2.13

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from improper handling of encoded colon characters during URL scheme validation. The patch modifies the `protocol_separator` regex and the `contains_bad_protocols?` method of the `HTML::WhiteListSanitizer` class, adding detection of several colon encodings. Because the method did not decode or validate these sequences before comparing the scheme against the allow-list, a crafted scheme could pass the sanitizer and enable XSS.
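As an added illustration of the root cause above (this is not the Rails source or the Miggo page's own material), a simplified model of a `contains_bad_protocols?`-style check with a naive separator regex beside a hardened one that also recognises entity- and percent-encoded colons; the allow-list, attribute names and sample values are constructed, and the hardened regex is this example's own, not the Rails patch.

```ruby
# Added example: minimal model of the scheme check a whitelist sanitizer runs on
# URI attributes. Allow-list, attribute names and samples are constructed here.
ALLOWED_PROTOCOLS = %w[http https mailto ftp].freeze
URI_ATTRIBUTES    = %w[href src].freeze

# Naive variant: only a literal ':' separates scheme from the rest, so a value
# whose colon is written as an entity or percent-escape has no recognised
# separator, no scheme is extracted, and the value is waved through.
NAIVE_SEPARATOR = /:/

# Hardened variant: decimal entity (&#58; / &#0058;), hex entity (&#x3a; / &#X3A),
# and percent-encoding (%3A or &#37;3A) all count as the separator, case-
# insensitively, so the scheme in front of them is compared to the allow-list.
HARDENED_SEPARATOR = /:|&#0*58;?|&#x0*3a;?|(?:%|&#37;)3a/i

# True when the attribute carries a scheme that is not on the allow-list.
def contains_bad_protocols?(attr_name, value, separator)
  return false unless URI_ATTRIBUTES.include?(attr_name)
  m = separator.match(value)
  return false unless m                  # no separator at all: relative URL
  scheme = value[0...m.begin(0)]
  return false if scheme.include?("/")   # a '/' before the first separator: path, not scheme
  !ALLOWED_PROTOCOLS.include?(scheme.downcase.strip)
end

# Constructed attribute values covering the colon encodings the check must see.
SAMPLES = [
  "http://example.com/",          # allowed scheme
  "/relative/path?q=a%3Ab",       # encoded colon inside a path, not a scheme
  "javascript:void(0)",           # literal colon: both variants flag it
  "javascript&#x3a;void(0)",      # hex entity
  "JAVASCRIPT&#X3A;void(0)",      # upper-case hex entity
  "javascript&#0058;void(0)",     # decimal entity with leading zeros
  "javascript%3Avoid(0)",         # percent-encoded colon
].freeze

# Map each sample to whether the given separator regex flags it as a bad protocol.
def audit(separator)
  SAMPLES.map { |v| [v, contains_bad_protocols?("href", v, separator)] }.to_h
end

if __FILE__ == $0
  puts "naive:    #{audit(NAIVE_SEPARATOR)}"      # flags only the literal-colon sample
  puts "hardened: #{audit(HARDENED_SEPARATOR)}"   # flags all five javascript: variants
end
```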


WAF Protection Rules

WAF Rule

The sanitize helper in `lib/action_controller/vendor/html-scanner/html/sanitizer.rb` in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded `:` (colon) char
