Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-87qx-g5wg-mwmj

Опубликовано: 14 мая 2022
Источник: github
Github: Прошло ревью
CVSS3: 6.1

Описание

RubyGems Cross-site Scripting vulnerability

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack requires the victim to browse to a malicious gem on a vulnerable gem server. This vulnerability is fixed in 2.7.6.

Ссылки

Пакеты

Наименование

rubygems-update

rubygems
Затронутые версииВерсия исправления

< 2.7.6

2.7.6

Наименование

org.jruby:jruby-stdlib

maven
Затронутые версииВерсия исправления

< 9.1.16.0

9.1.16.0

EPSS

Процентиль: 74%
0.00823
Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2018-1000078

Дефекты

CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2018-1000078

CVSS3: 6.1
ubuntu
почти 8 лет назад

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6.

redhat логотип

CVE-2018-1000078

CVSS3: 6.1
redhat
почти 8 лет назад

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6.

nvd логотип

CVE-2018-1000078

CVSS3: 6.1
nvd
почти 8 лет назад

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6.

debian логотип

CVE-2018-1000078

CVSS3: 6.1
debian
почти 8 лет назад

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...

fstec логотип

BDU:2018-01597

CVSS3: 6.1
fstec
почти 8 лет назад

Уязвимость системы управления пакетами RubyGems, связанная с возможностью осуществления межсайтового скриптинга, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 74%
0.00823
Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2018-1000078

Дефекты

CWE-79