Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/ember-source@1.1.0
Typegem
Namespace
Nameember-source
Version1.1.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.2.2
Latest_non_vulnerable_version2.2.1
Affected_by_vulnerabilities
0
url VCID-42k5-zsk1-5fcb
vulnerability_id VCID-42k5-zsk1-5fcb
summary 
ember-source Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML via the title attribute.
references
0
reference_url http://emberjs.com/blog/2014/02/07/ember-security-releases.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://emberjs.com/blog/2014/02/07/ember-security-releases.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0046
reference_id
reference_type
scores
0
value 0.00521
scoring_system epss
scoring_elements 0.67195
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0046
2
reference_url http://secunia.com/advisories/56965
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://secunia.com/advisories/56965
3
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/91242
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://exchange.xforce.ibmcloud.com/vulnerabilities/91242
4
reference_url https://github.com/emberjs/ember.js
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/emberjs/ember.js
5
reference_url https://github.com/emberjs/ember.js/commit/45ee8df2a0efc0afe233d6b9b17045782a2e6b2d
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/emberjs/ember.js/commit/45ee8df2a0efc0afe233d6b9b17045782a2e6b2d
6
reference_url https://github.com/emberjs/ember.js/commit/94b28b8773acf894c4d7d7fccf4411a706292436
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/emberjs/ember.js/commit/94b28b8773acf894c4d7d7fccf4411a706292436
7
reference_url https://github.com/emberjs/ember.js/commit/ab3199e68e1d0fc3c8f7f453cd38c51fe02af90b
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/emberjs/ember.js/commit/ab3199e68e1d0fc3c8f7f453cd38c51fe02af90b
8
reference_url https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ
9
reference_url http://www.openwall.com/lists/oss-security/2014/02/14/6
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2014/02/14/6
10
reference_url http://www.securityfocus.com/bid/65579
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/65579
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0046
reference_id CVE-2014-0046
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0046
12
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ember-source/CVE-2014-0046.yml
reference_id CVE-2014-0046.YML
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ember-source/CVE-2014-0046.yml
13
reference_url https://github.com/advisories/GHSA-4q53-fqhc-cr46
reference_id GHSA-4q53-fqhc-cr46
reference_type
scores
url https://github.com/advisories/GHSA-4q53-fqhc-cr46
fixed_packages
0
url pkg:gem/ember-source@1.2.2
purl pkg:gem/ember-source@1.2.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.2.2
1
url pkg:gem/ember-source@1.3.0.beta.1
purl pkg:gem/ember-source@1.3.0.beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42k5-zsk1-5fcb
1
vulnerability VCID-d7x3-kr4s-hqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.3.0.beta.1
2
url pkg:gem/ember-source@1.3.2
purl pkg:gem/ember-source@1.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.3.2
3
url pkg:gem/ember-source@1.4.0.beta.1
purl pkg:gem/ember-source@1.4.0.beta.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42k5-zsk1-5fcb
1
vulnerability VCID-78w7-adb5-qfga
2
vulnerability VCID-d7x3-kr4s-hqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.4.0.beta.1
4
url pkg:gem/ember-source@1.4.0.beta.6
purl pkg:gem/ember-source@1.4.0.beta.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.4.0.beta.6
aliases CVE-2014-0046, GHSA-4q53-fqhc-cr46
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-42k5-zsk1-5fcb
1
url VCID-78w7-adb5-qfga
vulnerability_id VCID-78w7-adb5-qfga
summary 
Potential XSS Exploit With User-Supplied Data When Binding
In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, we have identified a vulnerability that could lead to unescaped content being inserted into the innerHTML string without being sanitized. When a primitive value is used as the Handlebars context, that value is not properly escaped. An example of this would be using the `{{each}}` helper to iterate over an array of user-supplied strings and using `{{this}}` inside the block to display each string. In applications that contain templates whose context is a primitive value and use the `{{this}}` keyword to display that value, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain ("XSS"). This vulnerability affects applications that contain templates whose context is set to a user-supplied primitive value (such as a string or number) and also contain the `{{this}}` special Handlebars variable to display the value.
references
0
reference_url http://emberjs.com/blog/2014/01/14/ember-security-releases.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://emberjs.com/blog/2014/01/14/ember-security-releases.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0013
reference_id
reference_type
scores
0
value 0.00203
scoring_system epss
scoring_elements 0.42327
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0013
2
reference_url https://github.com/emberjs/ember.js
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/emberjs/ember.js
3
reference_url https://github.com/emberjs/ember.js/commit/3130e4d70c0a6865879a1c68028cfc3c6feca66c
reference_id
reference_type
scores
url https://github.com/emberjs/ember.js/commit/3130e4d70c0a6865879a1c68028cfc3c6feca66c
4
reference_url https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0013
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0013
fixed_packages
0
url pkg:gem/ember-source@1.1.2
purl pkg:gem/ember-source@1.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42k5-zsk1-5fcb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.1.2
1
url pkg:gem/ember-source@1.1.3
purl pkg:gem/ember-source@1.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42k5-zsk1-5fcb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.1.3
2
url pkg:gem/ember-source@1.2.0.1
purl pkg:gem/ember-source@1.2.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42k5-zsk1-5fcb
1
vulnerability VCID-d7x3-kr4s-hqa9
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.2.0.1
3
url pkg:gem/ember-source@1.2.1
purl pkg:gem/ember-source@1.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.2.1
4
url pkg:gem/ember-source@1.3.1
purl pkg:gem/ember-source@1.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.3.1
5
url pkg:gem/ember-source@1.3.1.1
purl pkg:gem/ember-source@1.3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42k5-zsk1-5fcb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.3.1.1
6
url pkg:gem/ember-source@1.4.0.beta.2
purl pkg:gem/ember-source@1.4.0.beta.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42k5-zsk1-5fcb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.4.0.beta.2
7
url pkg:gem/ember-source@1.4.0-beta.2
purl pkg:gem/ember-source@1.4.0-beta.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.4.0-beta.2
aliases CVE-2014-0013, GHSA-8xm3-gm7c-5fjx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-78w7-adb5-qfga
2
url VCID-d7x3-kr4s-hqa9
vulnerability_id VCID-d7x3-kr4s-hqa9
summary 
Potential XSS Exploit
In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to `innerHTML`. However, we have identified a vulnerability that could lead to unescaped content being inserted into the `innerHTML` string without being sanitized. When using the `{{group}}` helper, user supplied content in the template was not being sanitized. Though the vulnerability exists in Ember.js proper, it is only exposed via the use of an experimental plugin. In applications that use the `{{group}}` helper, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain (`XSS`). This vulnerability only affects applications that use the `{{group}}` helper to display user-provided content.
references
0
reference_url http://emberjs.com/blog/2014/01/14/ember-security-releases.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://emberjs.com/blog/2014/01/14/ember-security-releases.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-0014
reference_id
reference_type
scores
0
value 0.00301
scoring_system epss
scoring_elements 0.53758
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-0014
2
reference_url https://github.com/emberjs/ember.js
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/emberjs/ember.js
3
reference_url https://github.com/emberjs/ember.js/commit/12fa46ba1c6efb9ddac7bfdef7f4f6909781c801
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/emberjs/ember.js/commit/12fa46ba1c6efb9ddac7bfdef7f4f6909781c801
4
reference_url https://github.com/emberjs/ember.js/commit/e52e047305849756c78abc1e760d621531c2c0a7
reference_id
reference_type
scores
url https://github.com/emberjs/ember.js/commit/e52e047305849756c78abc1e760d621531c2c0a7
5
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ember-source/CVE-2014-0014.yml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ember-source/CVE-2014-0014.yml
6
reference_url https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-0014
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2014-0014
8
reference_url http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
fixed_packages
0
url pkg:gem/ember-source@1.1.2
purl pkg:gem/ember-source@1.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42k5-zsk1-5fcb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.1.2
1
url pkg:gem/ember-source@1.1.3
purl pkg:gem/ember-source@1.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42k5-zsk1-5fcb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.1.3
2
url pkg:gem/ember-source@1.2.1
purl pkg:gem/ember-source@1.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.2.1
3
url pkg:gem/ember-source@1.2.1.1
purl pkg:gem/ember-source@1.2.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42k5-zsk1-5fcb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.2.1.1
4
url pkg:gem/ember-source@1.3.1
purl pkg:gem/ember-source@1.3.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.3.1
5
url pkg:gem/ember-source@1.3.1.1
purl pkg:gem/ember-source@1.3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42k5-zsk1-5fcb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.3.1.1
6
url pkg:gem/ember-source@1.4.0.beta.2
purl pkg:gem/ember-source@1.4.0.beta.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42k5-zsk1-5fcb
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.4.0.beta.2
7
url pkg:gem/ember-source@1.4.0-beta.2
purl pkg:gem/ember-source@1.4.0-beta.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.4.0-beta.2
aliases CVE-2014-0014, GHSA-rcx6-7jp6-pqf2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d7x3-kr4s-hqa9
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.1.0