Skip to main content

Geminabox

3 CVEs product

Monthly

CVE-2017-16792 Ruby MEDIUM PATCH This Month

Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Geminabox
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2017-14683 Ruby HIGH POC PATCH This Week

geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Geminabox
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2017-14506 Ruby MEDIUM POC PATCH This Month

geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Geminabox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Geminabox
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Geminabox
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Geminabox
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy