Geminabox Security Vulnerabilities and Issues — Geminabox CVE List

Lucene search

Geminabox ProjectGeminabox

3 matches found

CVE•added 2017/11/13 9:29 a.m.•68 views

CVE-2017-16792

Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb.

6.1CVSS5.8AI score0.00361EPSS

CVE•added 2017/09/25 8:29 a.m.•44 views

CVE-2017-14506

geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file.

5.4CVSS5.6AI score0.00222EPSS

CVE•added 2017/09/25 8:29 a.m.•37 views

CVE-2017-14683

geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload.

8.8CVSS8.5AI score0.00121EPSS