2012-11-23 19:00:00
mitre
PUBLISHED
The regular expression engine in JRuby before 1.4.1, when $KCODE is set to u, does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.