Caucho · Resin Pro · CVE-2014-2966
**Name of the Vulnerable Software and Affected Versions**
Resin Pro versions prior to 4.0.40
**Description**
The issue concerns the ISO-8859-1 encoder, which does not properly perform Unicode transformations. This allows remote attackers to bypass intended text restrictions by using crafted characters. For example, it can be used to bypass an XSS protection mechanism.
**Recommendations**
For versions prior to 4.0.40, update to version 4.0.40 or later to resolve the issue. As a temporary workaround, consider restricting the input of crafted characters to minimize the risk of exploitation.