CVE-2014-0081: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

February 20, 2014 (updated August 8, 2019)

Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.

References

nvd.nist.gov/vuln/detail/CVE-2014-0081

Code Behaviors & Features

Detect and mitigate CVE-2014-0081 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →