CVE-2017-20159

Source
https://cve.org/CVERecord?id=CVE-2017-20159
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-20159.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-20159
Aliases
Published
2022-12-31T11:15:10.750Z
Modified
2026-03-14T09:25:00.728558Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

A vulnerability was found in rf Keynote up to 0.x on Rails and has been rated as problematic. It affects some unknown functionality of the file lib/keynote/rumble.rb, where manipulation of the argument value leads to cross-site scripting. The attack may be launched remotely. Upgrading to version 1.0.0 addresses this issue; the patch is identified as 05be4356b0a6ca7de48da926a9b997beb5ffeb4a. It is recommended to upgrade the affected component. VDB-217142 is the identifier assigned to this vulnerability.

References

Affected packages

Git / github.com/evilmartians/keynote

Affected ranges

Type
GIT
Repo
https://github.com/evilmartians/keynote
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Type
GIT
Repo
https://github.com/rf-/keynote
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.0.0"
        }
    ]
}

Affected versions

v0.*
v0.0.1
v0.1.0
v0.1.1
v0.1.2
v0.1.3
v0.2.0
v0.2.0pre1
v0.2.0pre2
v0.2.0pre3
v0.2.1
v0.2.2
v0.2.3
v0.3.0
v0.3.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-20159.json"