Lucene search
Veracode Vulnerability DatabaseVERACODE:38662HistoryDec 27, 2022 - 5:54 a.m.
Reverse Tabnabbing
2022-12-2705:54:47
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
28
reverse tabnabbing
translation.rb
regular expression
web links
window.opener access
software
EPSS
0.001
Percentile
37.0%
text_helpers is vulnerable to reverse tabnabbing. The vulnerability exists in multiple functions in translation.rb due to lack of proper regular expression which allows an attacker to use web links to untrusted targets with window.opener access.
References
github.com/advisories/GHSA-74hc-57m5-83ch
github.com/ahorner/text-helpers/commit/184b60ded0e43c985788582aca2d1e746f9405a3
github.com/ahorner/text-helpers/pull/19
github.com/ahorner/text-helpers/releases/tag/v1.1.0
github.com/rubysec/ruby-advisory-db/blob/master/gems/text_helpers/CVE-2020-36624.yml
vuldb.com/?id.216520
Related
osv
osv
CVE-2020-36624
2022-12-22 10:15:08
text_helpers uses web link to untrusted target with window.opener access
2022-12-22 12:30:17
cvelist
cvelist
CVE-2020-36624 ahorner text-helpers translation.rb reverse tabnabbing
2022-12-22 00:00:00
cve
cve
CVE-2020-36624
2022-12-22 10:15:08
prion
prion
Design/Logic Flaw
2022-12-22 10:15:00
nvd
nvd
CVE-2020-36624
2022-12-22 10:15:08
rubygems
rubygems
text_helpers uses web link to untrusted target with window.opener access
2022-12-21 21:00:00
github
github
text_helpers uses web link to untrusted target with window.opener access
2022-12-22 12:30:17