GHSA-98hq-3qvg-pg78
Suggest an improvement- Source
- https://github.com/advisories/GHSA-98hq-3qvg-pg78
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-98hq-3qvg-pg78/GHSA-98hq-3qvg-pg78.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-98hq-3qvg-pg78
- Aliases
- Published
- 2022-05-13T01:31:05Z
- Modified
- 2023-11-08T03:58:55.553520Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Gem in a Box vulnerable to Cross-site Scripting
- Details
-
geminabox (aka Gem in a Box) before 0.13.6 is vulnerable to Cross-site Scripting (XSS), as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file.
- Database specific
{ "severity": "MODERATE", "github_reviewed_at": "2023-03-09T00:35:52Z", "cwe_ids": [ "CWE-79" ], "nvd_published_at": "2017-09-25T08:29:00Z", "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2017-14506
- https://github.com/geminabox/geminabox/commit/99aaae196c4fc6ae0df28e186ca1e493ae658e02
- https://github.com/geminabox/geminabox
- https://github.com/geminabox/geminabox/blob/master/CHANGELOG.md
- http://baraktawily.blogspot.co.il/2017/09/gem-in-box-xss-vulenrability-cve-2017.html
Affected packages
RubyGems / geminabox
Package
- Name
- geminabox
- Purl
- pkg:gem/geminabox
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.13.6
Affected versions
0.*
0.1.0
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.2.7
0.2.8
0.2.9.pre1
0.2.9
0.2.10
0.2.11
0.2.13
0.2.14
0.2.15
0.3.0
0.3.1
0.3.2
0.3.3
0.4.0
0.5.0
0.5.1
0.5.2
0.6.0
0.6.1pre1
0.6.1
0.7.0
0.8.0
0.9.0
0.10.0
0.10.1
0.11.0
0.11.1
0.12.0
0.12.1
0.12.2
0.12.3
0.12.4
0.13.0
0.13.1
0.13.2
0.13.3
0.13.4
0.13.5