GHSA-9hx9-w2j6-rw76

Source
https://github.com/advisories/GHSA-9hx9-w2j6-rw76
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/10/GHSA-9hx9-w2j6-rw76/GHSA-9hx9-w2j6-rw76.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-9hx9-w2j6-rw76
Aliases
  • CVE-2013-2105
Published
2017-10-24T18:33:37Z
Modified
2023-11-08T03:57:17.603562Z
Summary
Script Injection in Show In Browser gem
Details

The Show In Browser (showinbrowser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html.

Database specific
{
    "nvd_published_at": "2014-04-22T14:23:33Z",
    "cwe_ids": [
        "CWE-59"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:28:50Z"
}
References

Affected packages

RubyGems / show_in_browser

Package

Name
show_in_browser
Purl
pkg:gem/show_in_browser

Affected ranges

Affected versions

0.*

0.0.3