Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/ember-source@1.12.0a
Typegem
Namespace
Nameember-source
Version1.12.0a
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.12.0
Latest_non_vulnerable_version2.2.1
Affected_by_vulnerabilities
0
url VCID-a5hm-euty-z7g1
vulnerability_id VCID-a5hm-euty-z7g1
summary 
XSS Vulnerability with User-Supplied JSON
By default, Ember will escape any values in Handlebars templates that use double curlies (`{{value}}`). Developers can specifically opt out of this escaping behavior by passing an instance of `SafeString` rather than a raw string, which tells Ember that it should not escape the string because the developer has taken responsibility for escapement. It is possible for an attacker to create a specially-crafted payload that causes a non-sanitized string to be treated as a `SafeString`, and thus bypass Ember's normal escaping behavior. This could allow an attacker to execute arbitrary JavaScript in the context of the current domain ("XSS").
references
0
reference_url https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY
fixed_packages
0
url pkg:gem/ember-source@1.12.2
purl pkg:gem/ember-source@1.12.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.12.2
1
url pkg:gem/ember-source@1.13.12
purl pkg:gem/ember-source@1.13.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.13.12
2
url pkg:gem/ember-source@2.0.3
purl pkg:gem/ember-source@2.0.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@2.0.3
3
url pkg:gem/ember-source@2.1.2
purl pkg:gem/ember-source@2.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@2.1.2
4
url pkg:gem/ember-source@2.2.1
purl pkg:gem/ember-source@2.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@2.2.1
aliases CVE-2015-7565
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a5hm-euty-z7g1
1
url VCID-eafw-zr9e-ryfu
vulnerability_id VCID-eafw-zr9e-ryfu
summary 
Vulnerability With {{view "select"}} Options
In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, a change made to the implementation of the select view means that any user-supplied data bound to an option's label will not be escaped correctly. In applications that use Ember's select view and pass user-supplied content to the label, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain ("XSS").
references
0
reference_url https://groups.google.com/forum/#!topic/ember-security/nbntfs2EbRU
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/ember-security/nbntfs2EbRU
fixed_packages
0
url pkg:gem/ember-source@1.12.0
purl pkg:gem/ember-source@1.12.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.12.0
aliases CVE-2015-1866
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eafw-zr9e-ryfu
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.12.0a