CVE-2017-16792
N/A
N/A
Summary
Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://rubygems.org/gems/geminabox/versions/0.13.10
- https://github.com/geminabox/geminabox/blob/master/CHANGELOG.md
- https://github.com/geminabox/geminabox/commit/f8429a9e364658459add170e4ebc7a5d3b4759e7
References
- https://rubygems.org/gems/geminabox/versions/0.13.10
- https://github.com/geminabox/geminabox/blob/master/CHANGELOG.md
- https://github.com/geminabox/geminabox/commit/f8429a9e364658459add170e4ebc7a5d3b4759e7
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.