VulnerableCode Package Details - pkg:gem/phlex@1.7.2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:gem/phlex@1.7.2

Essentials
History (1)

purl	pkg:gem/phlex@1.7.2

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-m3kh-42bg-ykd8	Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. Our filter to detect and prevent the use of the `javascript:` URL scheme in the `href` attribute of an `<a>` tag could be bypassed with tab `\t` or newline `\n` characters between the characters of the protocol, e.g. `java\tscript:`.	CVE-2024-32463 GHSA-g7xq-xv8c-h98c

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:47:38.075201+00:00	GitLab Importer	Fixing	VCID-m3kh-42bg-ykd8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/phlex/CVE-2024-32463.yml	38.6.0