K0Kubun

**Name of the Vulnerable Software and Affected Versions** haml versions prior to 5.0.0.beta.2 **Description** The issue arises when user input is used to perform tasks on the server, and certain characters like <, >, ", and ' are not properly escaped. Specifically, the ' character was missed, allowing an attacker to manipulate the input and introduce additional attributes, potentially leading to code execution. **Recommendations** For versions prior to 5.0.0.beta.2, update to version 5.0.0.beta.2 or later to resolve the issue. As a temporary workaround, consider properly escaping all user input to prevent the introduction of malicious attributes.