{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53087?format=json","vulnerability_id":"VCID-jgcw-4xwt-9bdy","summary":"Phlex is a framework for building object-oriented views in Ruby. In affected versions there is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. Since the last two vulnerabilities https://github.com/phlex-ruby/phlex/security/advisories/GHSA-242p-4v39-2v8g and https://github.com/phlex-ruby/phlex/security/advisories/GHSA-g7xq-xv8c-h98c, we have invested in extensive browser tests. It was these new tests that helped us uncover these issues. As of now the project exercises every possible attack vector the developers can think of — including enumerating every ASCII character, and we run these tests in Chrome, Firefox and Safari. Additionally, we test against a list of 6613 known XSS payloads (see: payloadbox/xss-payload-list). The reason these issues were not detected before is the escapes were working as designed. However, their design didn't take into account just how recklessly permissive browsers are when it comes to executing unsafe JavaScript via HTML attributes. If you render an `<a>` tag with an `href` attribute set to a user-provided link, that link could potentially execute JavaScript when clicked by another user. If you splat user-provided attributes when rendering any HTML or SVG tag, malicious event attributes could be included in the output, executing JavaScript when the events are triggered by another user. Patches are available on RubyGems for all minor versions released in the last year. Users are advised to upgrade. Users unable to upgrade should configure a Content Security Policy that does not allow `unsafe-inline` which would effectively prevent this vulnerability from being exploited. Users who upgrade are also advised to configure a Content Security Policy header that does not allow `unsafe-inline`.","aliases":[{"alias":"CVE-2024-32970"},{"alias":"GHSA-9p57-h987-4vgx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30840?format=json","purl":"pkg:gem/phlex@1.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-br68-6fft-8ber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/30839?format=json","purl":"pkg:gem/phlex@1.10.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-br68-6fft-8ber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.10.2"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/703766?format=json","purl":"pkg:gem/phlex@0.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"},{"vulnerability":"VCID-ktd3-z3en-ukc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@0.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/703767?format=json","purl":"pkg:gem/phlex@0.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"},{"vulnerability":"VCID-ktd3-z3en-ukc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@0.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/703768?format=json","purl":"pkg:gem/phlex@0.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"},{"vulnerability":"VCID-ktd3-z3en-ukc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@0.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/703769?format=json","purl":"pkg:gem/phlex@0.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"},{"vulnerability":"VCID-ktd3-z3en-ukc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@0.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/703770?format=json","purl":"pkg:gem/phlex@0.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"},{"vulnerability":"VCID-ktd3-z3en-ukc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@0.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/703771?format=json","purl":"pkg:gem/phlex@0.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"},{"vulnerability":"VCID-ktd3-z3en-ukc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@0.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/703772?format=json","purl":"pkg:gem/phlex@0.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"},{"vulnerability":"VCID-ktd3-z3en-ukc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@0.3.2"},{"url":"http://public2.vulnerablecode.io/api/packages/703773?format=json","purl":"pkg:gem/phlex@0.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"},{"vulnerability":"VCID-ktd3-z3en-ukc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@0.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/703774?format=json","purl":"pkg:gem/phlex@0.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"},{"vulnerability":"VCID-ktd3-z3en-ukc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@0.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/703775?format=json","purl":"pkg:gem/phlex@0.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"},{"vulnerability":"VCID-ktd3-z3en-ukc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@0.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/703776?format=json","purl":"pkg:gem/phlex@0.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"},{"vulnerability":"VCID-ktd3-z3en-ukc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@0.5.2"},{"url":"http://public2.vulnerablecode.io/api/packages/703777?format=json","purl":"pkg:gem/phlex@0.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"},{"vulnerability":"VCID-ktd3-z3en-ukc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@0.5.3"},{"url":"http://public2.vulnerablecode.io/api/packages/703778?format=json","purl":"pkg:gem/phlex@1.0.0.rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"},{"vulnerability":"VCID-ktd3-z3en-ukc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.0.0.rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/703779?format=json","purl":"pkg:gem/phlex@1.0.0.rc2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"},{"vulnerability":"VCID-ktd3-z3en-ukc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.0.0.rc2"},{"url":"http://public2.vulnerablecode.io/api/packages/703780?format=json","purl":"pkg:gem/phlex@1.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"},{"vulnerability":"VCID-ktd3-z3en-ukc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/29620?format=json","purl":"pkg:gem/phlex@1.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/29616?format=json","purl":"pkg:gem/phlex@1.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"},{"vulnerability":"VCID-ktd3-z3en-ukc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/29617?format=json","purl":"pkg:gem/phlex@1.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/29608?format=json","purl":"pkg:gem/phlex@1.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"},{"vulnerability":"VCID-ktd3-z3en-ukc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/703781?format=json","purl":"pkg:gem/phlex@1.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"},{"vulnerability":"VCID-ktd3-z3en-ukc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/29609?format=json","purl":"pkg:gem/phlex@1.2.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.2.2"},{"url":"http://public2.vulnerablecode.io/api/packages/29614?format=json","purl":"pkg:gem/phlex@1.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"},{"vulnerability":"VCID-ktd3-z3en-ukc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/703782?format=json","purl":"pkg:gem/phlex@1.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"},{"vulnerability":"VCID-ktd3-z3en-ukc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/703783?format=json","purl":"pkg:gem/phlex@1.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"},{"vulnerability":"VCID-ktd3-z3en-ukc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.3.2"},{"url":"http://public2.vulnerablecode.io/api/packages/29615?format=json","purl":"pkg:gem/phlex@1.3.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.3.3"},{"url":"http://public2.vulnerablecode.io/api/packages/29612?format=json","purl":"pkg:gem/phlex@1.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"},{"vulnerability":"VCID-ktd3-z3en-ukc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/29613?format=json","purl":"pkg:gem/phlex@1.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.4.1"},{"url":"http://public2.vulnerablecode.io/api/packages/30409?format=json","purl":"pkg:gem/phlex@1.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.4.2"},{"url":"http://public2.vulnerablecode.io/api/packages/29623?format=json","purl":"pkg:gem/phlex@1.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"},{"vulnerability":"VCID-ktd3-z3en-ukc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/703784?format=json","purl":"pkg:gem/phlex@1.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"},{"vulnerability":"VCID-ktd3-z3en-ukc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/29624?format=json","purl":"pkg:gem/phlex@1.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.5.2"},{"url":"http://public2.vulnerablecode.io/api/packages/30401?format=json","purl":"pkg:gem/phlex@1.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.5.3"},{"url":"http://public2.vulnerablecode.io/api/packages/29610?format=json","purl":"pkg:gem/phlex@1.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"},{"vulnerability":"VCID-ktd3-z3en-ukc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.6.0"},{"url":"http://public2.vulnerablecode.io/api/packages/703785?format=json","purl":"pkg:gem/phlex@1.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"},{"vulnerability":"VCID-ktd3-z3en-ukc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/29611?format=json","purl":"pkg:gem/phlex@1.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.6.2"},{"url":"http://public2.vulnerablecode.io/api/packages/30402?format=json","purl":"pkg:gem/phlex@1.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.6.3"},{"url":"http://public2.vulnerablecode.io/api/packages/29621?format=json","purl":"pkg:gem/phlex@1.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"},{"vulnerability":"VCID-ktd3-z3en-ukc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/29622?format=json","purl":"pkg:gem/phlex@1.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.7.1"},{"url":"http://public2.vulnerablecode.io/api/packages/30410?format=json","purl":"pkg:gem/phlex@1.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.7.2"},{"url":"http://public2.vulnerablecode.io/api/packages/29618?format=json","purl":"pkg:gem/phlex@1.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"},{"vulnerability":"VCID-ktd3-z3en-ukc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/703786?format=json","purl":"pkg:gem/phlex@1.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"},{"vulnerability":"VCID-ktd3-z3en-ukc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/29619?format=json","purl":"pkg:gem/phlex@1.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.8.2"},{"url":"http://public2.vulnerablecode.io/api/packages/30411?format=json","purl":"pkg:gem/phlex@1.8.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.8.3"},{"url":"http://public2.vulnerablecode.io/api/packages/29625?format=json","purl":"pkg:gem/phlex@1.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"},{"vulnerability":"VCID-ktd3-z3en-ukc7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.9.0"},{"url":"http://public2.vulnerablecode.io/api/packages/29626?format=json","purl":"pkg:gem/phlex@1.9.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.9.1"},{"url":"http://public2.vulnerablecode.io/api/packages/30407?format=json","purl":"pkg:gem/phlex@1.9.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.9.2"},{"url":"http://public2.vulnerablecode.io/api/packages/324961?format=json","purl":"pkg:gem/phlex@1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.10"},{"url":"http://public2.vulnerablecode.io/api/packages/30404?format=json","purl":"pkg:gem/phlex@1.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8pe7-mz33-t7a9"},{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.10.0"},{"url":"http://public2.vulnerablecode.io/api/packages/30405?format=json","purl":"pkg:gem/phlex@1.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-br68-6fft-8ber"},{"vulnerability":"VCID-jgcw-4xwt-9bdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:gem/phlex@1.10.1"}],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32970","reference_id":"","reference_type":"","scores":[{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.52048","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-32970"},{"reference_url":"https://github.com/phlex-ruby/phlex","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/phlex-ruby/phlex"},{"reference_url":"https://rubygems.org/gems/phlex/versions/1.10.2","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubygems.org/gems/phlex/versions/1.10.2"},{"reference_url":"https://rubygems.org/gems/phlex/versions/1.9.3","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rubygems.org/gems/phlex/versions/1.9.3"},{"reference_url":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy","reference_id":"Content-Security-Policy","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T15:29:00Z/"}],"url":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy"},{"reference_url":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#unsafe-inline","reference_id":"Content-Security-Policy#unsafe-inline","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T15:29:00Z/"}],"url":"https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#unsafe-inline"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32970","reference_id":"CVE-2024-32970","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-32970"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/phlex/CVE-2024-32970.yml","reference_id":"CVE-2024-32970.YML","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/phlex/CVE-2024-32970.yml"},{"reference_url":"https://github.com/phlex-ruby/phlex/commit/da8f94342a84cff9d78c98bcc3b3604ee2e577d2","reference_id":"da8f94342a84cff9d78c98bcc3b3604ee2e577d2","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T15:29:00Z/"}],"url":"https://github.com/phlex-ruby/phlex/commit/da8f94342a84cff9d78c98bcc3b3604ee2e577d2"},{"reference_url":"https://github.com/advisories/GHSA-9p57-h987-4vgx","reference_id":"GHSA-9p57-h987-4vgx","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9p57-h987-4vgx"},{"reference_url":"https://github.com/phlex-ruby/phlex/security/advisories/GHSA-9p57-h987-4vgx","reference_id":"GHSA-9p57-h987-4vgx","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T15:29:00Z/"}],"url":"https://github.com/phlex-ruby/phlex/security/advisories/GHSA-9p57-h987-4vgx"},{"reference_url":"https://rubygems.org/gems/phlex","reference_id":"phlex","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T15:29:00Z/"}],"url":"https://rubygems.org/gems/phlex"},{"reference_url":"https://github.com/payloadbox/xss-payload-list","reference_id":"xss-payload-list","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-18T15:29:00Z/"}],"url":"https://github.com/payloadbox/xss-payload-list"}],"weaknesses":[{"cwe_id":79,"name":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","description":"The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":"0.5","weighted_severity":"8.0","risk_score":4.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jgcw-4xwt-9bdy"}