Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-1000078

Опубликовано: 13 мар. 2018
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.3
CVSS3: 6.1

Описание

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6.

РелизСтатусПримечание
artful

ignored

end of life
bionic

ignored

end of standard support, was needs-triage
cosmic

ignored

end of life
devel

not-affected

9.1.17.0-3
disco

not-affected

9.1.17.0-2
eoan

not-affected

9.1.17.0-3
esm-apps/bionic

needs-triage

esm-apps/focal

not-affected

9.1.17.0-3
esm-apps/noble

not-affected

9.1.17.0-3
esm-apps/xenial

needs-triage

Показывать по

РелизСтатусПримечание
artful

DNE

bionic

DNE

cosmic

DNE

devel

DNE

disco

DNE

eoan

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was released [1.9.3.484-2ubuntu1.8]]
esm-infra/focal

DNE

focal

DNE

groovy

DNE

Показывать по

РелизСтатусПримечание
artful

DNE

bionic

DNE

cosmic

DNE

devel

DNE

disco

DNE

eoan

DNE

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was released [2.0.0.484-1ubuntu2.6]]
esm-infra/focal

DNE

focal

DNE

groovy

DNE

Показывать по

РелизСтатусПримечание
artful

DNE

bionic

DNE

cosmic

DNE

devel

DNE

disco

DNE

eoan

DNE

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

DNE

Показывать по

РелизСтатусПримечание
artful

released

2.3.3-1ubuntu1.4
bionic

DNE

cosmic

DNE

devel

DNE

disco

DNE

eoan

DNE

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

esm-infra/xenial

released

2.3.1-2~16.04.7
focal

DNE

Показывать по

РелизСтатусПримечание
artful

DNE

bionic

released

2.5.1-1
cosmic

released

2.5.1-1
devel

DNE

disco

released

2.5.1-1
eoan

released

2.5.1-1
esm-infra-legacy/trusty

DNE

esm-infra/bionic

released

2.5.1-1
esm-infra/focal

DNE

focal

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 74%
0.00823
Низкий

4.3 Medium

CVSS2

6.1 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2018-1000078

CVSS3: 6.1
redhat
почти 8 лет назад

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6.

nvd логотип

CVE-2018-1000078

CVSS3: 6.1
nvd
почти 8 лет назад

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6.

debian логотип

CVE-2018-1000078

CVSS3: 6.1
debian
почти 8 лет назад

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...

github логотип

GHSA-87qx-g5wg-mwmj

CVSS3: 6.1
github
больше 3 лет назад

RubyGems Cross-site Scripting vulnerability

fstec логотип

BDU:2018-01597

CVSS3: 6.1
fstec
почти 8 лет назад

Уязвимость системы управления пакетами RubyGems, связанная с возможностью осуществления межсайтового скриптинга, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 74%
0.00823
Низкий

4.3 Medium

CVSS2

6.1 Medium

CVSS3