Description
Gem in a Box vulnerable to Cross-site Request Forgery
geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload.
References
- https://nvd.nist.gov/vuln/detail/CVE-2017-14683
- https://github.com/geminabox/geminabox/commit/a01c4e8b3403624109499dec75eb6ee30bd01a55
- https://github.com/geminabox/geminabox/blob/master/CHANGELOG.md
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/geminabox/CVE-2017-14683.yml
- http://baraktawily.blogspot.co.il/2017/09/gem-in-box-xss-vulenrability-cve-2017.html
Packages
Name: geminabox (rubygems)
Affected versions: < 0.13.7
Fixed version: 0.13.7
Related vulnerabilities
CVSS3: 8.8
nvd
more than 8 years ago
geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload.