easymon 1.2.1
1 security vulnerability
found in version
1.2.1
Reflected XSS in Firefox in check endpoint
medium severity CVE-2018-1000855
medium severity
CVE-2018-1000855
Patched versions:
>= 1.4.1
When passing an invalid check name as parameter to the endpoint where the easymon routes are mounted, a 406 response with a body that contains the invalid check name unescaped is returned. Malicious JavaScript can be injected into that invalid name and have it executed in Firefox
No officially reported memory leakage issues detected.
This gem version does not have any officially reported memory leaked issues.
No license issues detected.
This gem version has a license in the gemspec.
This gem version is available.
This gem version has not been yanked and is still available for usage.