Ruby/i18n/0.3.7

New wave Internationalization support for Ruby.

Repo Link: https://rubygems.org/gems/i18n
License: UNKNOWN

5 Security Vulnerabilities

i18n Vulnerable to Denial of Service Attack

Published date: 2022-05-14T01:48:52Z

CVE: CVE-2014-10077

Links:

Hash#slice in lib/i18n/coreext/hash.rb in the i18n gem before 0.8.0 for Ruby allows remote attackers to cause a denial of service (application crash) via a call in a situation where :somekey is present in keep_keys but not present in the hash.

Affected versions: ["0.8.0.beta1", "0.7.0", "0.7.0.beta1", "0.6.11", "0.6.9", "0.6.8", "0.6.5", "0.6.4", "0.6.3", "0.6.2", "0.6.1", "0.6.0", "0.6.0beta1", "0.5.4", "0.5.3", "0.5.2", "0.5.0", "0.5.0beta3", "0.5.0beta2", "0.5.0beta1", "0.4.2", "0.4.1", "0.4.0", "0.4.0.beta1", "0.4.0.beta", "0.3.7", "0.3.6", "0.3.6.pre", "0.3.5", "0.3.4", "0.3.3", "0.3.2", "0.3.1", "0.3.0", "0.2.1", "0.2.0", "0.1.0"]

Secure versions: [1.8.5, 1.8.4, 1.8.3, 1.8.2, 1.8.1, 1.8.0, 1.7.1, 1.7.0, 1.6.0, 1.5.3, 1.5.2, 1.5.1, 1.4.0, 1.3.0, 1.2.0, 1.1.1, 1.1.0, 1.0.1, 1.0.0, 0.9.5, 0.9.4, 0.9.3, 0.9.1, 0.9.0, 0.8.6, 0.8.5, 0.8.4, 0.8.3, 0.8.1, 0.8.0, 1.8.6, 1.8.7, 1.8.8, 1.8.9, 1.8.10, 1.8.11, 1.9.0, 1.9.1, 1.10.0, 1.11.0, 1.12.0, 1.13.0, 1.14.0, 1.14.1, 1.14.3, 1.14.4, 1.14.5, 1.14.6]

Recommendation: Update to version 1.14.6.

i18n gem Cross-site Scripting vulnerability

Published date: 2017-10-24T18:33:37Z

CVE: CVE-2013-4492

Links:

Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call.

Affected versions: ["0.6.5", "0.6.4", "0.6.3", "0.6.2", "0.6.1", "0.6.0", "0.6.0beta1", "0.5.4", "0.5.3", "0.5.2", "0.5.0", "0.5.0beta3", "0.5.0beta2", "0.5.0beta1", "0.4.2", "0.4.1", "0.4.0", "0.4.0.beta1", "0.4.0.beta", "0.3.7", "0.3.6", "0.3.6.pre", "0.3.5", "0.3.4", "0.3.3", "0.3.2", "0.3.1", "0.3.0", "0.2.1", "0.2.0", "0.1.0"]

Recommendation: Update to version 1.14.6.

i18n missing translation error message XSS

Published date: 2013-12-03

CVE: 2013-4492

CVSS V2: 4.3

Links:

https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998

The HTML exception message raised by I18n::MissingTranslation fails to escape the keys.

Affected versions: ["0.6.5", "0.6.4", "0.6.3", "0.6.2", "0.6.1", "0.6.0", "0.6.0beta1", "0.4.2", "0.4.1", "0.4.0", "0.4.0.beta1", "0.4.0.beta", "0.3.7", "0.3.6", "0.3.6.pre", "0.3.5", "0.3.4", "0.3.3", "0.3.2", "0.3.1", "0.3.0", "0.2.1", "0.2.0", "0.1.0"]

Recommendation: Update to version 1.14.6.

i18n Gem for Ruby lib/i18n/core_ext/hash.rb Hash#slice() Function Hash Handling DoS

Published date: 2014-09-27

CVE: 2014-10077

CVSS V3: 7.5

Links:

https://github.com/svenfuchs/i18n/pull/289

i18n Gem for Ruby contains a flaw in the Hash#slice() function in lib/i18n/coreext/hash.rb that is triggered when calling a hash when :somekey is in keep_keys but not in the hash. This may allow an attacker to cause the program to crash.

Recommendation: Update to version 1.14.6.

i18n missing translation error message XSS

Published date: 2013-12-03

CVE: 2013-4492

CVSS V2: 4.3

Links:

https://groups.google.com/forum/#!topic/ruby-security-ann/pLrh6DUw998

The HTML exception message raised by I18n::MissingTranslation fails to escape the keys.

Recommendation: Update to version 1.14.6.

85 Other Versions

Version	License	Security	Released
0.8.0.beta1	MIT	2	2016-11-21 - 00:47	almost 8 years
0.6.11	MIT	2	2014-07-09 - 17:58	over 10 years
0.7.0	MIT	2	2014-12-19 - 17:06	almost 10 years
0.6.8	MIT	2	2013-12-03 - 20:02	almost 11 years
0.7.0.beta1	MIT	2	2014-08-18 - 17:10	about 10 years
0.6.9	MIT	2	2013-12-03 - 22:10	almost 11 years
0.3.0	UNKNOWN	5	2009-11-30 - 14:15	almost 15 years
0.3.3	UNKNOWN	5	2009-12-29 - 14:34	almost 15 years
0.3.2	UNKNOWN	5	2009-12-12 - 12:10	almost 15 years
0.3.5	UNKNOWN	5	2010-02-25 - 23:07	over 14 years
0.3.4	UNKNOWN	5	2010-02-25 - 13:45	over 14 years
0.3.6	UNKNOWN	5	2010-03-23 - 22:45	over 14 years
0.3.6.pre	UNKNOWN	5	2010-03-10 - 21:08	over 14 years
0.6.5	MIT	5	2013-08-13 - 08:49	about 11 years
0.3.1	UNKNOWN	5	2009-12-10 - 23:19	almost 15 years
0.1.0	UNKNOWN	5	2009-07-25 - 18:13	over 15 years
0.6.1	UNKNOWN	5	2012-08-31 - 11:23	about 12 years
0.2.1	UNKNOWN	5	2009-11-19 - 12:12	almost 15 years
0.4.1	UNKNOWN	5	2010-06-05 - 17:37	over 14 years
0.4.0.beta1	UNKNOWN	5	2010-05-03 - 11:45	over 14 years
0.4.0	UNKNOWN	5	2010-05-27 - 21:45	over 14 years
0.4.2	UNKNOWN	5	2010-10-26 - 19:56	about 14 years
0.6.3	MIT	5	2013-02-27 - 20:02	over 11 years
0.3.7	UNKNOWN	5	2010-04-17 - 14:47	over 14 years
0.4.0.beta	UNKNOWN	5	2010-04-30 - 14:11	over 14 years
0.2.0	UNKNOWN	5	2009-08-05 - 00:31	over 15 years
0.6.4	MIT	5	2013-02-27 - 23:46	over 11 years
0.6.2	MIT	5	2013-02-25 - 22:56	over 11 years
0.6.0beta1	UNKNOWN	5	2011-04-26 - 08:36	over 13 years
0.6.0	UNKNOWN	5	2011-05-22 - 11:34	over 13 years
0.5.0	UNKNOWN	3	2010-11-29 - 09:13	almost 14 years
0.5.0beta2	UNKNOWN	3	2010-11-18 - 01:04	almost 14 years
0.5.0beta3	UNKNOWN	3	2010-11-18 - 07:56	almost 14 years
0.5.3	UNKNOWN	3	2013-12-09 - 23:07	almost 11 years
0.5.4	UNKNOWN	3	2014-05-28 - 22:26	over 10 years
0.5.2	UNKNOWN	3	2013-12-03 - 20:13	almost 11 years
0.5.0beta1	UNKNOWN	3	2010-11-14 - 17:04	almost 14 years
0.8.1	MIT		2017-02-22 - 02:51	over 7 years
0.8.4	MIT		2017-05-31 - 01:44	over 7 years
0.8.5	MIT		2017-07-08 - 00:45	over 7 years
0.8.3	MIT		2017-05-30 - 22:38	over 7 years
0.8.0	MIT		2017-01-31 - 22:11	almost 8 years
0.9.3	MIT		2018-01-22 - 22:53	almost 7 years
0.9.4	MIT		2018-02-09 - 05:20	almost 7 years
0.9.1	MIT		2017-11-03 - 00:36	about 7 years
1.0.0	MIT		2018-02-14 - 01:29	over 6 years
1.1.0	MIT		2018-08-07 - 22:15	over 6 years
1.1.1	MIT		2018-10-14 - 09:16	about 6 years
1.0.1	MIT		2018-04-18 - 04:56	over 6 years
0.9.5	MIT		2018-02-13 - 22:06	over 6 years
0.9.0	MIT		2017-10-15 - 22:38	about 7 years
1.4.0	MIT		2019-01-01 - 21:32	almost 6 years
1.5.2	MIT		2019-01-14 - 04:28	almost 6 years
1.5.3	MIT		2019-01-21 - 21:39	almost 6 years
1.5.1	MIT		2019-01-06 - 22:48	almost 6 years
1.3.0	MIT		2018-12-20 - 10:31	almost 6 years
1.7.1	MIT		2020-01-07 - 21:55	almost 5 years
1.8.0	MIT		2020-01-09 - 00:57	almost 5 years
1.7.0	MIT		2019-10-04 - 06:07	about 5 years
1.8.2	MIT		2020-01-13 - 01:29	almost 5 years
1.8.4	MIT		2020-07-20 - 00:29	over 4 years
1.8.5	MIT		2020-07-23 - 23:19	over 4 years
1.8.3	MIT		2020-06-05 - 00:23	over 4 years
1.8.1	MIT		2020-01-09 - 10:03	almost 5 years
1.6.0	MIT		2019-03-03 - 21:09	over 5 years
1.2.0	MIT		2018-12-11 - 00:23	almost 6 years
0.8.6	MIT		2017-07-10 - 05:39	over 7 years
1.8.6	MIT		2021-01-01 - 22:34	almost 4 years
1.8.7	MIT		2021-01-04 - 10:02	almost 4 years
1.8.8	MIT		2021-02-02 - 00:49	almost 4 years
1.8.9	MIT		2021-02-12 - 20:14	over 3 years
1.8.10	MIT		2021-03-30 - 22:37	over 3 years
1.8.11	MIT		2021-11-02 - 22:30	about 3 years
1.9.0	MIT		2022-01-26 - 23:28	almost 3 years
1.9.1	MIT		2022-01-27 - 21:00	almost 3 years
1.10.0	MIT		2022-02-14 - 23:04	over 2 years
1.11.0	MIT		2022-07-10 - 23:13	over 2 years
1.12.0	MIT		2022-07-13 - 20:48	over 2 years
1.13.0	MIT		2023-04-26 - 00:06	over 1 year
1.14.0	MIT		2023-06-02 - 04:37	over 1 year
1.14.1	MIT		2023-06-04 - 20:28	over 1 year
1.14.3	MIT		2024-03-05 - 22:25	8 months
1.14.4	MIT		2024-03-06 - 22:05	8 months
1.14.5	MIT		2024-05-06 - 20:50	6 months
1.14.6	MIT		2024-09-15 - 23:25	about 2 months