Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:gem/phlex@1.7.2
Typegem
Namespace
Namephlex
Version1.7.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.11.1
Latest_non_vulnerable_version2.4.1
Affected_by_vulnerabilities
0
url VCID-fr4p-b13u-nbhf
vulnerability_id VCID-fr4p-b13u-nbhf
summary 
Phlex XSS protection bypass via attribute splatting, dynamic tags, and href values
During a security audit conducted with Claude Opus 4.6 and GPT-5.3-Codex, we identified three specific ways to bypass the XSS (cross-site-scripting) protection built into Phlex.

1. The first bypass could happen if user-provided attributes with string keys were splatted into HTML tag, e.g. `div(**user_attributes)`.
2. The second bypass could happen if user-provided tag names were passed to the `tag` method, e.g. `tag(some_tag_name_from_user)`.
3. The third bypass could happen if user’s links were passed to `href` attributes, e.g. `a(href: user_provided_link)`.

All three of these patterns are meant to be safe and all have now been patched.
references
0
reference_url https://github.com/yippee-fun/phlex
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yippee-fun/phlex
1
reference_url https://github.com/yippee-fun/phlex/commit/1d85da417cb15eb8cb2f54a68d531c9b35d9d03a
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yippee-fun/phlex/commit/1d85da417cb15eb8cb2f54a68d531c9b35d9d03a
2
reference_url https://github.com/yippee-fun/phlex/commit/556441d5a64ff93f749e8116a05b2d97264468ee
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yippee-fun/phlex/commit/556441d5a64ff93f749e8116a05b2d97264468ee
3
reference_url https://github.com/yippee-fun/phlex/commit/74e3d8610ffabc2cf5f241945e9df4b14dceb97d
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yippee-fun/phlex/commit/74e3d8610ffabc2cf5f241945e9df4b14dceb97d
4
reference_url https://github.com/yippee-fun/phlex/commit/9f56ad13bea9a7d6117fdfd510446c890709eeac
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yippee-fun/phlex/commit/9f56ad13bea9a7d6117fdfd510446c890709eeac
5
reference_url https://github.com/yippee-fun/phlex/commit/fe9ea708672f9fa42526d9b47e1cdc4634860ef1
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yippee-fun/phlex/commit/fe9ea708672f9fa42526d9b47e1cdc4634860ef1
6
reference_url https://github.com/advisories/GHSA-w67g-2h6v-vjgq
reference_id GHSA-w67g-2h6v-vjgq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w67g-2h6v-vjgq
7
reference_url https://github.com/yippee-fun/phlex/security/advisories/GHSA-w67g-2h6v-vjgq
reference_id GHSA-w67g-2h6v-vjgq
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/yippee-fun/phlex/security/advisories/GHSA-w67g-2h6v-vjgq
fixed_packages
0
url pkg:gem/phlex@1.11.1
purl pkg:gem/phlex@1.11.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.11.1
1
url pkg:gem/phlex@2.0.2
purl pkg:gem/phlex@2.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fr4p-b13u-nbhf
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/phlex@2.0.2
2
url pkg:gem/phlex@2.1.3
purl pkg:gem/phlex@2.1.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/phlex@2.1.3
3
url pkg:gem/phlex@2.2.2
purl pkg:gem/phlex@2.2.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/phlex@2.2.2
4
url pkg:gem/phlex@2.3.2
purl pkg:gem/phlex@2.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/phlex@2.3.2
5
url pkg:gem/phlex@2.4.0.beta1
purl pkg:gem/phlex@2.4.0.beta1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fr4p-b13u-nbhf
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/phlex@2.4.0.beta1
6
url pkg:gem/phlex@2.4.1
purl pkg:gem/phlex@2.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/phlex@2.4.1
aliases GHSA-w67g-2h6v-vjgq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fr4p-b13u-nbhf
1
url VCID-qw3q-6gwf-vufy
vulnerability_id VCID-qw3q-6gwf-vufy
summary 
Phlex vulnerable to Cross-site Scripting (XSS) via maliciously formed HTML attribute names and values
There is a potential cross-site scripting (XSS) vulnerability that
can be exploited via maliciously crafted user data.

The reason these issues were not detected before is the escapes were
working as designed. However, their design didn't take into account
just how recklessly permissive browser are when it comes to executing
unsafe JavaScript via HTML attributes.

### Impact

If you render an `<a>` tag with an `href` attribute set to an
user-provided link, that link could potentially execute JavaScript
when clicked by another user.

```ruby
a(href: user_profile) { "Profile" }
```

If you splat user-provided attributes when rendering any HTML or SVG
tag, malicious event attributes could be included in the output,
executing JavaScript when the events are triggered by another user.

```ruby
h1(**JSON.parse(user_attributes))
```

### Patches

Patches are [available on RubyGems](https://rubygems.org/gems/phlex)
for all minor versions released in the last year.

- [1.10.2](https://rubygems.org/gems/phlex/versions/1.10.2)
- [1.9.3](https://rubygems.org/gems/phlex/versions/1.9.3)

If you are on `main`, it has been patched since
[`da8f943`](https://github.com/phlex-ruby/phlex/commit/da8f94342a84cff9d78c98bcc3b3604ee2e577d2)

### Workarounds

Configuring a [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy)
that does not allow [`unsafe-inline`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#unsafe-inline)
would effectively prevent this vulnerability from being exploited.

### References

In addition to upgrading to a patched version of Phlex, we strongly
recommend configuring a Content Security Policy header that does
not allow `unsafe-inline`. Here’s how you can configure a Content
Security Policy header in Rails.
https://guides.rubyonrails.org/security.html#content-security-policy-header
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-32970
reference_id
reference_type
scores
0
value 0.00283
scoring_system epss
scoring_elements 0.51963
published_at 2026-06-08T12:55:00Z
1
value 0.00283
scoring_system epss
scoring_elements 0.52005
published_at 2026-06-05T12:55:00Z
2
value 0.00283
scoring_system epss
scoring_elements 0.52015
published_at 2026-06-06T12:55:00Z
3
value 0.00283
scoring_system epss
scoring_elements 0.51994
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-32970
1
reference_url https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T15:29:00Z/
url https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
2
reference_url https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#unsafe-inline
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T15:29:00Z/
url https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#unsafe-inline
3
reference_url https://github.com/payloadbox/xss-payload-list
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T15:29:00Z/
url https://github.com/payloadbox/xss-payload-list
4
reference_url https://github.com/phlex-ruby/phlex
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phlex-ruby/phlex
5
reference_url https://github.com/phlex-ruby/phlex/commit/da8f94342a84cff9d78c98bcc3b3604ee2e577d2
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T15:29:00Z/
url https://github.com/phlex-ruby/phlex/commit/da8f94342a84cff9d78c98bcc3b3604ee2e577d2
6
reference_url https://github.com/phlex-ruby/phlex/security/advisories/GHSA-9p57-h987-4vgx
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T15:29:00Z/
url https://github.com/phlex-ruby/phlex/security/advisories/GHSA-9p57-h987-4vgx
7
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/phlex/CVE-2024-32970.yml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/phlex/CVE-2024-32970.yml
8
reference_url https://rubygems.org/gems/phlex
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T15:29:00Z/
url https://rubygems.org/gems/phlex
9
reference_url https://rubygems.org/gems/phlex/versions/1.10.2
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rubygems.org/gems/phlex/versions/1.10.2
10
reference_url https://rubygems.org/gems/phlex/versions/1.9.3
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://rubygems.org/gems/phlex/versions/1.9.3
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-32970
reference_id CVE-2024-32970
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-32970
12
reference_url https://github.com/advisories/GHSA-9p57-h987-4vgx
reference_id GHSA-9p57-h987-4vgx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9p57-h987-4vgx
fixed_packages
0
url pkg:gem/phlex@1.9.3
purl pkg:gem/phlex@1.9.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fr4p-b13u-nbhf
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.9.3
1
url pkg:gem/phlex@1.10.2
purl pkg:gem/phlex@1.10.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fr4p-b13u-nbhf
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.10.2
aliases CVE-2024-32970, GHSA-9p57-h987-4vgx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qw3q-6gwf-vufy
Fixing_vulnerabilities
0
url VCID-m3kh-42bg-ykd8
vulnerability_id VCID-m3kh-42bg-ykd8
summary 
Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags
There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data.

Our filter to detect and prevent the use of the `javascript:` URL scheme in the `href` attribute of an `<a>` tag could be bypassed with tab `\t` or newline `\n` characters between the characters of the protocol, e.g. `java\tscript:`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-32463
reference_id
reference_type
scores
0
value 0.00179
scoring_system epss
scoring_elements 0.39273
published_at 2026-06-08T12:55:00Z
1
value 0.00179
scoring_system epss
scoring_elements 0.39301
published_at 2026-06-07T12:55:00Z
2
value 0.00179
scoring_system epss
scoring_elements 0.3933
published_at 2026-06-06T12:55:00Z
3
value 0.00179
scoring_system epss
scoring_elements 0.39325
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-32463
1
reference_url https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T18:58:58Z/
url https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
2
reference_url https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#unsafe-inline
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T18:58:58Z/
url https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#unsafe-inline
3
reference_url https://github.com/phlex-ruby/phlex
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/phlex-ruby/phlex
4
reference_url https://github.com/phlex-ruby/phlex/commit/9e3f5b980655817993682e409cbda72956d865cb
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T18:58:58Z/
url https://github.com/phlex-ruby/phlex/commit/9e3f5b980655817993682e409cbda72956d865cb
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-32463
reference_id CVE-2024-32463
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-32463
6
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/phlex/CVE-2024-32463.yml
reference_id CVE-2024-32463.YML
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/phlex/CVE-2024-32463.yml
7
reference_url https://github.com/advisories/GHSA-g7xq-xv8c-h98c
reference_id GHSA-g7xq-xv8c-h98c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g7xq-xv8c-h98c
8
reference_url https://github.com/phlex-ruby/phlex/security/advisories/GHSA-g7xq-xv8c-h98c
reference_id GHSA-g7xq-xv8c-h98c
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements
1
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T18:58:58Z/
url https://github.com/phlex-ruby/phlex/security/advisories/GHSA-g7xq-xv8c-h98c
fixed_packages
0
url pkg:gem/phlex@1.4.2
purl pkg:gem/phlex@1.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fr4p-b13u-nbhf
1
vulnerability VCID-qw3q-6gwf-vufy
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.4.2
1
url pkg:gem/phlex@1.5.3
purl pkg:gem/phlex@1.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fr4p-b13u-nbhf
1
vulnerability VCID-qw3q-6gwf-vufy
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.5.3
2
url pkg:gem/phlex@1.6.3
purl pkg:gem/phlex@1.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fr4p-b13u-nbhf
1
vulnerability VCID-qw3q-6gwf-vufy
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.6.3
3
url pkg:gem/phlex@1.7.2
purl pkg:gem/phlex@1.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fr4p-b13u-nbhf
1
vulnerability VCID-qw3q-6gwf-vufy
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.7.2
4
url pkg:gem/phlex@1.8.3
purl pkg:gem/phlex@1.8.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fr4p-b13u-nbhf
1
vulnerability VCID-qw3q-6gwf-vufy
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.8.3
5
url pkg:gem/phlex@1.9.2
purl pkg:gem/phlex@1.9.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fr4p-b13u-nbhf
1
vulnerability VCID-qw3q-6gwf-vufy
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.9.2
6
url pkg:gem/phlex@1.10.1
purl pkg:gem/phlex@1.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fr4p-b13u-nbhf
1
vulnerability VCID-qw3q-6gwf-vufy
resource_url http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.10.1
aliases CVE-2024-32463, GHSA-g7xq-xv8c-h98c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m3kh-42bg-ykd8
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.7.2