Lucene search
Geminabox ProjectGeminabox
2 matches found
CVE-2017-14506
geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file.
5.4CVSS5.6AI score0.00222EPSS
CVE-2017-14683
geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload.
8.8CVSS8.5AI score0.00121EPSS