QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2018-1000078

Back to search

CVE-2018-1000078

Published: Mar 13, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. This attack appear to be exploitable via the victim must browse to a malicious gem on a vulnerable gem server. This vulnerability appears to have been fixed in 2.7.6.

VendorProductVersions

n/a

n/a

affected
n/a

References

DSA-4219
vendor-advisory
x_refsource_DEBIAN
USN-3621-1
vendor-advisory
x_refsource_UBUNTU
RHSA-2018:3729
vendor-advisory
x_refsource_REDHAT
RHSA-2018:3730
vendor-advisory
x_refsource_REDHAT
RHSA-2018:3731
vendor-advisory
x_refsource_REDHAT
DSA-4259
vendor-advisory
x_refsource_DEBIAN
openSUSE-SU-2019:1771
vendor-advisory
x_refsource_SUSE
RHSA-2019:2028
vendor-advisory
x_refsource_REDHAT
RHSA-2020:0542
vendor-advisory
x_refsource_REDHAT
RHSA-2020:0591
vendor-advisory
x_refsource_REDHAT
RHSA-2020:0663
vendor-advisory
x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now