geminabox 0.12.4
Gem in a Box vulnerable to Cross-site Request Forgery
high severity CVE-2017-14683>= 0.13.7
geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload.
Stored XSS in "geminabox" via injection in Gemspec "homepage" value
medium severity CVE-2017-16792>= 0.13.10
Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) allows attackers to inject arbitrary web script via a crafted JavaScript URL in the "homepage" value of a ".gemspec" file.
A ".gemspec" file must be created with a JavaScript URL in the homepage value. This can be used to build a gem for upload to the Geminabox server, in order to achieve stored XSS via the gem hyperlink.
Gem in a Box vulnerable to Cross-site Scripting
medium severity CVE-2017-14506>= 0.13.6
geminabox (aka Gem in a Box) before 0.13.6 is vulnerable to Cross-site Scripting (XSS), as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file.
No officially reported memory leakage issues detected.
This gem version does not have any officially reported memory leaked issues.
No license issues detected.
This gem version has a license in the gemspec.
This gem version is available.
This gem version has not been yanked and is still available for usage.