VulnerableCode Package Details - pkg:gem/geminabox@0.13.6

Search for packages

Vulnerability	Summary	Fixed by
VCID-dzpc-n37z-8ybu Aliases: CVE-2017-16792 GHSA-653m-r33x-39ff	Cross-site Scripting A stored cross-site scripting (XSS) vulnerability in `geminabox` (Gem in a Box) allows attackers to inject arbitrary web script via the `homepage` value of a `.gemspec` file, related to `views/gem.erb` and `views/index.erb.`	0.13.10 Affected by 0 other vulnerabilities.
VCID-hnb4-hsjz-5kau Aliases: CVE-2017-14683 GHSA-qwv2-2x8g-g43g	Cross-Site Request Forgery (CSRF) geminabox (aka Gem in a Box) is vulnerable to CSRF.	0.13.7 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-dzpc-n37z-8ybu
Aliases:
CVE-2017-16792
GHSA-653m-r33x-39ff

Cross-site Scripting A stored cross-site scripting (XSS) vulnerability in `geminabox` (Gem in a Box) allows attackers to inject arbitrary web script via the `homepage` value of a `.gemspec` file, related to `views/gem.erb` and `views/index.erb.`

0.13.10
Affected by 0 other vulnerabilities.

VCID-hnb4-hsjz-5kau
Aliases:
CVE-2017-14683
GHSA-qwv2-2x8g-g43g

Cross-Site Request Forgery (CSRF) geminabox (aka Gem in a Box) is vulnerable to CSRF.

0.13.7
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-eesj-5ucw-b7ak	Cross-site Scripting geminabox (aka Gem in a Box) has an XSS, as demonstrated by uploading a gem file that has a crafted `gem.homepage` value in its `.gemspec` file.	CVE-2017-14506 GHSA-98hq-3qvg-pg78

Vulnerability

Summary

Aliases

VCID-eesj-5ucw-b7ak

Cross-site Scripting geminabox (aka Gem in a Box) has an XSS, as demonstrated by uploading a gem file that has a crafted `gem.homepage` value in its `.gemspec` file.

CVE-2017-14506
GHSA-98hq-3qvg-pg78

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-31T11:33:58.135579+00:00	GithubOSV Importer	Fixing	VCID-eesj-5ucw-b7ak	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-98hq-3qvg-pg78/GHSA-98hq-3qvg-pg78.json	38.6.0
2026-05-31T09:41:43.868294+00:00	GitLab Importer	Affected by	VCID-dzpc-n37z-8ybu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/geminabox/CVE-2017-16792.yml	38.6.0
2026-05-31T00:57:37.922244+00:00	GHSA Importer	Fixing	VCID-eesj-5ucw-b7ak	https://github.com/advisories/GHSA-98hq-3qvg-pg78	38.6.0
2026-05-30T20:53:01.017604+00:00	GitLab Importer	Affected by	VCID-hnb4-hsjz-5kau	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/geminabox/CVE-2017-14683.yml	38.6.0
2026-05-30T20:53:00.834312+00:00	GitLab Importer	Fixing	VCID-eesj-5ucw-b7ak	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/geminabox/CVE-2017-14506.yml	38.6.0