geminabox
RubyGems3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting geminaboxpage 1 of 1
- CVE-2017-14506MEDIUMCVSS 5.4EG 5.4✓ Fixed in 0.13.62017-09-25
vulnerable: 0.1.0 ... 0.9.0 (46 versions)
geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file.
- CVE-2017-14683HIGHCVSS 8.8EG 8.8✓ Fixed in 0.13.72017-09-25
vulnerable: 0.1.0 ... 0.9.0 (47 versions)
geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload.
- CVE-2017-16792MEDIUMCVSS 6.1EG 6.1✓ Fixed in 0.13.102017-11-13
vulnerable: 0.1.0 ... 0.9.0 (50 versions)
Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb.
Check whether geminabox is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for geminabox CVEs against the assets you own.
Start Free Scan →