CVE-2017-14506

Опубликовано: 25 сент. 2017

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file.

Ссылки

http://baraktawily.blogspot.co.il/2017/09/gem-in-box-xss-vulenrability-cve-2017.html
Exploit
Third Party Advisory
https://github.com/geminabox/geminabox/blob/master/CHANGELOG.md
Patch
Release Notes
Third Party Advisory
http://baraktawily.blogspot.co.il/2017/09/gem-in-box-xss-vulenrability-cve-2017.html
Exploit
Third Party Advisory
https://github.com/geminabox/geminabox/blob/master/CHANGELOG.md
Patch
Release Notes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:geminabox_project:geminabox:*:*:*:*:*:ruby:*:*

Версия до 0.13.5 (включая)

EPSS

Процентиль: 45%

0.00222

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-98hq-3qvg-pg78