CVE-2017-1002201

Name of the Vulnerable Software and Affected Versions haml versions prior to 5.0.0.beta.2

Description The issue arises when user input is used to perform tasks on the server, and certain characters like <, >, ", and ' are not properly escaped. Specifically, the ' character was missed, allowing an attacker to manipulate the input and introduce additional attributes, potentially leading to code execution.

Recommendations For versions prior to 5.0.0.beta.2, update to version 5.0.0.beta.2 or later to resolve the issue. As a temporary workaround, consider properly escaping all user input to prevent the introduction of malicious attributes.