Sha256: 2540e8875ac51b1ec57eb9461f4a38a7a129fab0e13918430aee02a990de6f82
Contents?: true
Size: 968 Bytes
Versions: 6
Compression:
Stored size: 968 Bytes
Contents
---
gem: ember-source
cve: 2015-1866
url: https://groups.google.com/forum/#!topic/ember-security/nbntfs2EbRU
title: Ember.js XSS Vulnerability With {{view "select"}} Options
date: 2015-04-14
description: |
  In general, Ember.js escapes or strips any user-supplied content before
  inserting it in strings that will be sent to innerHTML. However, a change
  made to the implementation of the select view means that any user-supplied
  data bound to an option's label will not be escaped correctly.

  In applications that use Ember's select view and pass user-supplied content
  to the label, a specially-crafted payload could execute arbitrary JavaScript
  in the context of the current domain ("XSS").

  All users running an affected release and binding user-supplied data to the
  select options should either upgrade or use one of the workarounds
  immediately.
patched_versions:
  - ~> 1.10.1
  - ~> 1.11.2
  - ">= 1.12.0"
unaffected_versions:
  - "< 1.10.0"