vulnerability

Ubuntu: (CVE-2017-1002201): ruby-haml vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Oct 15, 2019	Nov 19, 2024	Aug 19, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Oct 15, 2019

Added

Nov 19, 2024

Modified

Aug 19, 2025

Description

In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code.

Solution

ubuntu-pro-upgrade-ruby-haml

References

CVE-2017-100220
https://attackerkb.com/topics/CVE-2017-100220
CWE-79
URL-https://github.com/haml/haml/commit/18576ae6e9bdcb4303fdbe6b3199869d289d67c2
URL-https://snyk.io/vuln/SNYK-RUBY-HAML-20362
URL-https://www.cve.org/CVERecord?id=CVE-2017-1002201

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today