GHSA-gwrj-88fp-5m36

Source

https://github.com/advisories/GHSA-gwrj-88fp-5m36

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/07/GHSA-gwrj-88fp-5m36/GHSA-gwrj-88fp-5m36.json

Aliases

CVE-2021-35514

Published

2021-07-02T18:36:01Z

Modified

2023-11-08T04:06:10.193384Z

Details

Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the title name or author name of a novel.

References

Affected packages

RubyGems / narou

Package

Name: narou

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

3.8.0

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.1.0.rc1

1.1.0.rc2

1.1.0

1.1.1

1.1.2

1.1.2.1

1.2.0

1.2.1

1.2.2

1.2.3

1.2.4

1.2.5.rc1

1.2.5.rc2

1.2.5

1.2.5.1

1.2.6

1.2.7

1.2.8

1.2.9.rc1

1.2.9

1.3.0

1.3.0.1

1.3.1

1.3.2

1.3.3

1.3.4

1.3.5

1.3.5.1

1.4.0

1.4.1

1.4.1.1

1.4.2.rc1

1.4.2.rc2

1.4.3

1.4.4

1.4.5

1.4.6

1.5.0

1.5.0.1

1.5.0.2

1.5.1

1.5.2

1.5.2.1

1.5.3

1.5.4

1.5.5

1.5.5.1

1.5.6

1.5.6.1

1.5.7

1.5.7.1

1.5.8

1.5.9

1.5.10

1.5.10.1

1.5.11

1.6.0

1.6.1

1.6.2

1.6.3

1.6.4

1.7.0

1.7.1

1.7.2

2.*

2.0.0

2.0.1

2.0.2

2.1.0

2.1.1.pre.test1

2.2.0

2.3.0.pre.test1

2.3.0

2.3.1

2.3.2

2.3.3

2.4.0

2.4.1

2.4.2

2.5.1

2.5.2

2.6.0

2.6.1

2.7.0

2.7.1

2.7.2

2.8.0

2.8.1

2.8.2

2.8.3

2.8.3.1

2.9.0

2.9.1

2.9.2

2.9.3

2.9.3.1

2.9.4

2.9.5

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.5.1

3.1.1

3.1.2

3.1.3

3.1.4

3.1.5

3.1.6

3.1.7

3.1.8

3.1.9

3.1.10

3.1.11

3.2.0

3.2.0.1

3.2.1

3.2.2

3.2.3

3.2.4

3.2.5

3.2.5.1

3.3.0

3.3.1

3.3.2

3.4.0

3.4.1

3.4.2

3.4.3

3.4.5

3.4.6

3.4.6.1

3.4.7

3.4.7.1

3.4.8

3.5.0

3.5.0.1

3.5.1

3.6.0

3.7.0

3.7.1

3.7.2