gemirro 0.11.0

1 security vulnerability found in version 0.11.0

Stored XSS in "gemirro" via injection in Gemspec "homepage" value

medium severity CVE-2017-16833
Patched versions: >= 0.15.0

Stored cross-site scripting (XSS) vulnerability in Gemirro allows attackers to inject arbitrary web script via a crafted JavaScript URL in the "homepage" value of a ".gemspec" file.

A ".gemspec" file must be created with a JavaScript URL in the homepage value. This can be used to build a gem for upload to the Gemirro server, in order to achieve stored XSS via the author name hyperlink.

No officially reported memory leakage issues detected.


This gem version does not have any officially reported memory leak issues.

No license issues detected.


This gem version has a license in the gemspec.

This gem version is available.


This gem version has not been yanked and is still available for usage.