{"url":"http://public2.vulnerablecode.io/api/packages/149082?format=json","purl":"pkg:gem/ember-source@1.0.0.rc2.0","type":"gem","namespace":"","name":"ember-source","version":"1.0.0.rc2.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.2.2","latest_non_vulnerable_version":"2.2.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40204?format=json","vulnerability_id":"VCID-42k5-zsk1-5fcb","summary":"ember-source Cross-site Scripting vulnerability\nCross-site scripting (XSS) vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML via the title attribute.","references":[{"reference_url":"http://emberjs.com/blog/2014/02/07/ember-security-releases.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://emberjs.com/blog/2014/02/07/ember-security-releases.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0046","reference_id":"","reference_type":"","scores":[{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.67225","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.6721","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.67227","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.67243","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.67235","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00521","scoring_system":"epss","scoring_elements":"0.67195","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0046"},{"reference_url":"http://secunia.com/advisories/56965","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/56965"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/91242","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/91242"},{"reference_url":"https://github.com/emberjs/ember.js","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/emberjs/ember.js"},{"reference_url":"https://github.com/emberjs/ember.js/commit/45ee8df2a0efc0afe233d6b9b17045782a2e6b2d","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/emberjs/ember.js/commit/45ee8df2a0efc0afe233d6b9b17045782a2e6b2d"},{"reference_url":"https://github.com/emberjs/ember.js/commit/94b28b8773acf894c4d7d7fccf4411a706292436","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/emberjs/ember.js/commit/94b28b8773acf894c4d7d7fccf4411a706292436"},{"reference_url":"https://github.com/emberjs/ember.js/commit/ab3199e68e1d0fc3c8f7f453cd38c51fe02af90b","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/emberjs/ember.js/commit/ab3199e68e1d0fc3c8f7f453cd38c51fe02af90b"},{"reference_url":"https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ember-security/1h6FRgr8lXQ"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/02/14/6","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/02/14/6"},{"reference_url":"http://www.securityfocus.com/bid/65579","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/65579"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0046","reference_id":"CVE-2014-0046","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0046"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ember-source/CVE-2014-0046.yml","reference_id":"CVE-2014-0046.YML","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ember-source/CVE-2014-0046.yml"},{"reference_url":"https://github.com/advisories/GHSA-4q53-fqhc-cr46","reference_id":"GHSA-4q53-fqhc-cr46","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4q53-fqhc-cr46"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56400?format=json","purl":"pkg:gem/ember-source@1.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/158980?format=json","purl":"pkg:gem/ember-source@1.3.0.beta.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42k5-zsk1-5fcb"},{"vulnerability":"VCID-78w7-adb5-qfga"},{"vulnerability":"VCID-d7x3-kr4s-hqa9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.3.0.beta.1"},{"url":"http://public2.vulnerablecode.io/api/packages/56401?format=json","purl":"pkg:gem/ember-source@1.3.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.3.2"},{"url":"http://public2.vulnerablecode.io/api/packages/55044?format=json","purl":"pkg:gem/ember-source@1.4.0.beta.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42k5-zsk1-5fcb"},{"vulnerability":"VCID-78w7-adb5-qfga"},{"vulnerability":"VCID-d7x3-kr4s-hqa9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.4.0.beta.1"},{"url":"http://public2.vulnerablecode.io/api/packages/56402?format=json","purl":"pkg:gem/ember-source@1.4.0.beta.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.4.0.beta.6"}],"aliases":["CVE-2014-0046","GHSA-4q53-fqhc-cr46"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-42k5-zsk1-5fcb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39414?format=json","vulnerability_id":"VCID-78w7-adb5-qfga","summary":"Potential XSS Exploit With User-Supplied Data When Binding\nIn general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, we have identified a vulnerability that could lead to unescaped content being inserted into the innerHTML string without being sanitized. When a primitive value is used as the Handlebars context, that value is not properly escaped. An example of this would be using the `{{each}}` helper to iterate over an array of user-supplied strings and using `{{this}}` inside the block to display each string. In applications that contain templates whose context is a primitive value and use the `{{this}}` keyword to display that value, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain (\"XSS\"). This vulnerability affects applications that contain templates whose context is set to a user-supplied primitive value (such as a string or number) and also contain the `{{this}}` special Handlebars variable to display the value.","references":[{"reference_url":"http://emberjs.com/blog/2014/01/14/ember-security-releases.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://emberjs.com/blog/2014/01/14/ember-security-releases.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0013","reference_id":"","reference_type":"","scores":[{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42402","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42386","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42327","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42413","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42362","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42352","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0013"},{"reference_url":"https://github.com/emberjs/ember.js","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/emberjs/ember.js"},{"reference_url":"https://github.com/emberjs/ember.js/commit/3130e4d70c0a6865879a1c68028cfc3c6feca66c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/emberjs/ember.js/commit/3130e4d70c0a6865879a1c68028cfc3c6feca66c"},{"reference_url":"https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ember-security/2kpXXCxISS4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0013","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0013"},{"reference_url":"https://github.com/advisories/GHSA-8xm3-gm7c-5fjx","reference_id":"GHSA-8xm3-gm7c-5fjx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8xm3-gm7c-5fjx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55045?format=json","purl":"pkg:gem/ember-source@1.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42k5-zsk1-5fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/158974?format=json","purl":"pkg:gem/ember-source@1.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42k5-zsk1-5fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/55046?format=json","purl":"pkg:gem/ember-source@1.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42k5-zsk1-5fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/158979?format=json","purl":"pkg:gem/ember-source@1.2.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42k5-zsk1-5fcb"},{"vulnerability":"VCID-d7x3-kr4s-hqa9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.2.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/55055?format=json","purl":"pkg:gem/ember-source@1.2.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/55048?format=json","purl":"pkg:gem/ember-source@1.3.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/158981?format=json","purl":"pkg:gem/ember-source@1.3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42k5-zsk1-5fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.3.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/55049?format=json","purl":"pkg:gem/ember-source@1.4.0.beta.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42k5-zsk1-5fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.4.0.beta.2"},{"url":"http://public2.vulnerablecode.io/api/packages/149667?format=json","purl":"pkg:gem/ember-source@1.4.0-beta.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.4.0-beta.2"}],"aliases":["CVE-2014-0013","GHSA-8xm3-gm7c-5fjx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-78w7-adb5-qfga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37559?format=json","vulnerability_id":"VCID-9pvf-jnbf-qqej","summary":"Potential XSS Exploit When Binding tagName to User-Supplied Data\nIn general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into such a string without being sanitized. This means that if an application assigns a view's `tagName` to user-supplied data, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain (\"XSS\"). This vulnerability only affects applications that assign or bind user-provided content to `tagName`.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4170.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4170.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4170","reference_id":"","reference_type":"","scores":[{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56733","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56714","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56682","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56729","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.5674","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00336","scoring_system":"epss","scoring_elements":"0.56734","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4170"},{"reference_url":"https://github.com/emberjs/ember.js","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/emberjs/ember.js"},{"reference_url":"https://github.com/emberjs/ember.js/commit/f70a8fa0647ef3a13c3c8ea1d7ba7fca22ea5f8e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/emberjs/ember.js/commit/f70a8fa0647ef3a13c3c8ea1d7ba7fca22ea5f8e"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ember-source/CVE-2013-4170.yml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ember-source/CVE-2013-4170.yml"},{"reference_url":"https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ember-security/dokLVwwxAdM"},{"reference_url":"https://groups.google.com/g/ember-security/c/dokLVwwxAdM","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/g/ember-security/c/dokLVwwxAdM"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4170","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4170"},{"reference_url":"https://rubysec.com/advisories/CVE-2013-4170","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubysec.com/advisories/CVE-2013-4170"},{"reference_url":"https://security.snyk.io/vuln/SNYK-RUBY-EMBERSOURCE-20102","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.snyk.io/vuln/SNYK-RUBY-EMBERSOURCE-20102"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2102391","reference_id":"2102391","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2102391"},{"reference_url":"https://rubysec.com/advisories/CVE-2013-4170/","reference_id":"CVE-2013-4170","reference_type":"","scores":[],"url":"https://rubysec.com/advisories/CVE-2013-4170/"},{"reference_url":"https://github.com/advisories/GHSA-5m48-c37x-f792","reference_id":"GHSA-5m48-c37x-f792","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5m48-c37x-f792"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/149083?format=json","purl":"pkg:gem/ember-source@1.0.0.rc2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42k5-zsk1-5fcb"},{"vulnerability":"VCID-78w7-adb5-qfga"},{"vulnerability":"VCID-9pvf-jnbf-qqej"},{"vulnerability":"VCID-d7x3-kr4s-hqa9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.0.0.rc2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/149085?format=json","purl":"pkg:gem/ember-source@1.0.0.rc3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42k5-zsk1-5fcb"},{"vulnerability":"VCID-78w7-adb5-qfga"},{"vulnerability":"VCID-9pvf-jnbf-qqej"},{"vulnerability":"VCID-d7x3-kr4s-hqa9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.0.0.rc3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/149087?format=json","purl":"pkg:gem/ember-source@1.0.0.rc4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42k5-zsk1-5fcb"},{"vulnerability":"VCID-78w7-adb5-qfga"},{"vulnerability":"VCID-d7x3-kr4s-hqa9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.0.0.rc4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/149089?format=json","purl":"pkg:gem/ember-source@1.0.0.rc5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42k5-zsk1-5fcb"},{"vulnerability":"VCID-78w7-adb5-qfga"},{"vulnerability":"VCID-d7x3-kr4s-hqa9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.0.0.rc5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/51524?format=json","purl":"pkg:gem/ember-source@1.0.0.rc6.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.0.0.rc6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/158968?format=json","purl":"pkg:gem/ember-source@1.0.0.rc6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42k5-zsk1-5fcb"},{"vulnerability":"VCID-78w7-adb5-qfga"},{"vulnerability":"VCID-d7x3-kr4s-hqa9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.0.0.rc6.2"}],"aliases":["CVE-2013-4170","GHSA-5m48-c37x-f792"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9pvf-jnbf-qqej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39405?format=json","vulnerability_id":"VCID-d7x3-kr4s-hqa9","summary":"Potential XSS Exploit\nIn general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to `innerHTML`. However, we have identified a vulnerability that could lead to unescaped content being inserted into the `innerHTML` string without being sanitized. When using the `{{group}}` helper, user supplied content in the template was not being sanitized. Though the vulnerability exists in Ember.js proper, it is only exposed via the use of an experimental plugin. In applications that use the `{{group}}` helper, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain (`XSS`). This vulnerability only affects applications that use the `{{group}}` helper to display user-provided content.","references":[{"reference_url":"http://emberjs.com/blog/2014/01/14/ember-security-releases.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://emberjs.com/blog/2014/01/14/ember-security-releases.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0014","reference_id":"","reference_type":"","scores":[{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.5379","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53758","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53812","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53813","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53825","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53816","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0014"},{"reference_url":"https://github.com/emberjs/ember.js","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/emberjs/ember.js"},{"reference_url":"https://github.com/emberjs/ember.js/commit/12fa46ba1c6efb9ddac7bfdef7f4f6909781c801","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/emberjs/ember.js/commit/12fa46ba1c6efb9ddac7bfdef7f4f6909781c801"},{"reference_url":"https://github.com/emberjs/ember.js/commit/e52e047305849756c78abc1e760d621531c2c0a7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/emberjs/ember.js/commit/e52e047305849756c78abc1e760d621531c2c0a7"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ember-source/CVE-2014-0014.yml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ember-source/CVE-2014-0014.yml"},{"reference_url":"https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0014","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0014"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"},{"reference_url":"https://github.com/advisories/GHSA-rcx6-7jp6-pqf2","reference_id":"GHSA-rcx6-7jp6-pqf2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rcx6-7jp6-pqf2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55045?format=json","purl":"pkg:gem/ember-source@1.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42k5-zsk1-5fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/158974?format=json","purl":"pkg:gem/ember-source@1.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42k5-zsk1-5fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/55046?format=json","purl":"pkg:gem/ember-source@1.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42k5-zsk1-5fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/55055?format=json","purl":"pkg:gem/ember-source@1.2.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/55047?format=json","purl":"pkg:gem/ember-source@1.2.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42k5-zsk1-5fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.2.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/55048?format=json","purl":"pkg:gem/ember-source@1.3.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/158981?format=json","purl":"pkg:gem/ember-source@1.3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42k5-zsk1-5fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.3.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/55049?format=json","purl":"pkg:gem/ember-source@1.4.0.beta.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-42k5-zsk1-5fcb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.4.0.beta.2"},{"url":"http://public2.vulnerablecode.io/api/packages/149667?format=json","purl":"pkg:gem/ember-source@1.4.0-beta.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.4.0-beta.2"}],"aliases":["CVE-2014-0014","GHSA-rcx6-7jp6-pqf2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d7x3-kr4s-hqa9"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/ember-source@1.0.0.rc2.0"}