CVE-2013-4491: Reflective XSS Vulnerability

December 6, 2013 (updated August 8, 2019)

There is a vulnerability in the internationalisation component of Ruby on Rails. When the i18n gem is unable to provide a translation for a given string, it creates a fallback HTML string. Under certain common configurations this string can contain user input which would allow an attacker to execute a reflective XSS attack.

References

seclists.org/oss-sec/2013/q4/401

Code Behaviors & Features

Detect and mitigate CVE-2013-4491 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →