Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/ember-source@2.1.2
Typegem
Namespace
Nameember-source
Version2.1.2
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version2.2.1
Latest_non_vulnerable_version2.2.1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-a5hm-euty-z7g1
vulnerability_id VCID-a5hm-euty-z7g1
summary 
XSS Vulnerability with User-Supplied JSON
By default, Ember will escape any values in Handlebars templates that use double curlies (`{{value}}`). Developers can specifically opt out of this escaping behavior by passing an instance of `SafeString` rather than a raw string, which tells Ember that it should not escape the string because the developer has taken responsibility for escapement. It is possible for an attacker to create a specially-crafted payload that causes a non-sanitized string to be treated as a `SafeString`, and thus bypass Ember's normal escaping behavior. This could allow an attacker to execute arbitrary JavaScript in the context of the current domain ("XSS").
references
0
reference_url https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY
reference_id
reference_type
scores
url https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY
fixed_packages
0
url pkg:gem/ember-source@1.11.4
purl pkg:gem/ember-source@1.11.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.11.4
1
url pkg:gem/ember-source@1.12.2
purl pkg:gem/ember-source@1.12.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.12.2
2
url pkg:gem/ember-source@1.13.12
purl pkg:gem/ember-source@1.13.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.13.12
3
url pkg:gem/ember-source@2.0.3
purl pkg:gem/ember-source@2.0.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@2.0.3
4
url pkg:gem/ember-source@2.1.2
purl pkg:gem/ember-source@2.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@2.1.2
5
url pkg:gem/ember-source@2.2.1
purl pkg:gem/ember-source@2.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@2.2.1
aliases CVE-2015-7565
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a5hm-euty-z7g1
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/ember-source@2.1.2