CVE-2010-1330

Name of the Vulnerable Software and Affected Versions JRuby versions prior to 1.4.1

Description The issue is related to the regular expression engine in JRuby. When $KCODE is set to 'u', it does not properly handle characters immediately after a UTF-8 character. This allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.

Recommendations For versions prior to 1.4.1, update to version 1.4.1 or later to resolve the issue. As a temporary workaround, consider avoiding the use of $KCODE set to 'u' in the regular expression engine until a patch is applied.