GHSA-qwv2-2x8g-g43g
Suggest an improvement- Source
- https://github.com/advisories/GHSA-qwv2-2x8g-g43g
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qwv2-2x8g-g43g/GHSA-qwv2-2x8g-g43g.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-qwv2-2x8g-g43g
- Aliases
- Published
- 2022-05-13T01:31:05Z
- Modified
- 2023-11-08T03:58:55.674501Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Gem in a Box vulnerable to Cross-site Request Forgery
- Details
-
geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload.
- Database specific
{ "nvd_published_at": "2017-09-25T08:29:00Z", "github_reviewed_at": "2023-03-09T00:29:28Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-352" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2017-14683
- https://github.com/geminabox/geminabox/commit/a01c4e8b3403624109499dec75eb6ee30bd01a55
- https://github.com/geminabox/geminabox
- https://github.com/geminabox/geminabox/blob/master/CHANGELOG.md
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/geminabox/CVE-2017-14683.yml
- http://baraktawily.blogspot.co.il/2017/09/gem-in-box-xss-vulenrability-cve-2017.html
Affected packages
RubyGems / geminabox
Package
- Name
- geminabox
- Purl
- pkg:gem/geminabox
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.13.7
Affected versions
0.*
0.1.0
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.2.7
0.2.8
0.2.9.pre1
0.2.9
0.2.10
0.2.11
0.2.13
0.2.14
0.2.15
0.3.0
0.3.1
0.3.2
0.3.3
0.4.0
0.5.0
0.5.1
0.5.2
0.6.0
0.6.1pre1
0.6.1
0.7.0
0.8.0
0.9.0
0.10.0
0.10.1
0.11.0
0.11.1
0.12.0
0.12.1
0.12.2
0.12.3
0.12.4
0.13.0
0.13.1
0.13.2
0.13.3
0.13.4
0.13.5
0.13.6