{"url":"http://public2.vulnerablecode.io/api/packages/51604?format=json","purl":"pkg:gem/features@0.3.0","type":"gem","namespace":"","name":"features","version":"0.3.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37573?format=json","vulnerability_id":"VCID-hwmk-u1zg-pyap","summary":"/tmp file injection vulnerability\nA malicious user creating /tmp/out.html first and repeatedly writing to it can inject malicious html into the file right before it is opened. PoC: nobody () sp0rk:/$ while (true); do echo \"<script> alert('Hello'); </script>\" >> /tmp/out.html; done Will pop up a javascript alert in other gem users browser.","references":[{"reference_url":"http://seclists.org/oss-sec/2013/q3/571","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q3/571"}],"fixed_packages":[],"aliases":["CVE-2013-4318"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hwmk-u1zg-pyap"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/features@0.3.0"}