GHSA-m3q7-rj8g-m457

Source
https://github.com/advisories/GHSA-m3q7-rj8g-m457
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/08/GHSA-m3q7-rj8g-m457/GHSA-m3q7-rj8g-m457.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-m3q7-rj8g-m457
Aliases
  • CVE-2015-7565
Published
2018-08-28T22:33:24Z
Modified
2024-02-16T08:06:35.628087Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
ember-source Cross-site Scripting vulnerability
Details

Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML.

Database specific
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:44:43Z"
}

Affected packages

RubyGems / ember-source

Package

Name
ember-source
Purl
pkg:gem/ember-source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.8.0
Fixed
1.11.4

Affected versions

1.*

1.8.0
1.8.1
1.9.0.alpha
1.9.0.alpha.2
1.9.0.beta.1
1.9.0.beta.1.1
1.9.0.beta.3
1.9.0.beta.4
1.9.0
1.9.1
1.10.0.beta.1
1.10.0.beta.2
1.10.0.beta.3
1.10.0.beta.4
1.10.0
1.10.1
1.11.0.beta.1
1.11.0.beta.2
1.11.0.beta.2.1
1.11.0.beta.2.2
1.11.0.beta.3
1.11.0.beta.4
1.11.0.beta.5
1.11.0
1.11.0.1
1.11.1
1.11.3
1.11.3.1

RubyGems / ember-source

Package

Name
ember-source
Purl
pkg:gem/ember-source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.12.0
Fixed
1.12.2

Affected versions

1.*

1.12.0
1.12.1

RubyGems / ember-source

Package

Name
ember-source
Purl
pkg:gem/ember-source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.13.0
Fixed
1.13.12

Affected versions

1.*

1.13.0
1.13.1
1.13.1.1
1.13.2
1.13.3
1.13.4
1.13.4.1
1.13.5
1.13.6
1.13.7
1.13.8
1.13.9
1.13.10
1.13.11

RubyGems / ember-source

Package

Name
ember-source
Purl
pkg:gem/ember-source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
2.0.3

Affected versions

2.*

2.0.0
2.0.2

RubyGems / ember-source

Package

Name
ember-source
Purl
pkg:gem/ember-source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.1.0
Fixed
2.1.2

Affected versions

2.*

2.1.0

RubyGems / ember-source

Package

Name
ember-source
Purl
pkg:gem/ember-source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.2.0
Fixed
2.2.1

Affected versions

2.*

2.2.0