) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
Search Parameters:
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:geminabox_project:geminabox:0.2.11:*:*:*:*:ruby:*:*
- CPE Name Search: true
There are 3 matching records.
Displaying matches 1 through 3.
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2017-16792 |
Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb. Published: November 13, 2017; 4:29:00 AM -0500 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2017-14683 |
geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload. Published: September 25, 2017; 4:29:00 AM -0400 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2017-14506 |
geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file. Published: September 25, 2017; 4:29:00 AM -0400 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |