geminabox 0.13.9

1 security vulnerability found in version 0.13.9

Stored XSS in "geminabox" via injection in Gemspec "homepage" value

medium severity CVE-2017-16792
Patched versions: >= 0.13.10

Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) allows attackers to inject arbitrary web script via a crafted JavaScript URL in the "homepage" value of a ".gemspec" file.

A ".gemspec" file must be created with a JavaScript URL in the homepage value. This can be used to build a gem for upload to the Geminabox server, in order to achieve stored XSS via the gem hyperlink.

No officially reported memory leakage issues detected.


This gem version does not have any officially reported memory leak issues.

No license issues detected.


This gem version has a license in the gemspec.

This gem version is available.


This gem version has not been yanked and is still available for usage.