Sha256: b60461422ce9d8257ffe072133c751e1393c2cc468c593c7a78b8c31200cee51

Contents?: true

Size: 556 Bytes

Versions: 3

Compression:

Stored size: 556 Bytes

Contents

---
gem: easymon
date: 2018-11-09
url: https://github.com/basecamp/easymon/issues/26
cve: 2018-1000855
title: Reflected XSS in Firefox in check endpoint
description: |
  When an invalid check name is passed as a parameter to the endpoint where
  the easymon routes are mounted, a 406 response is returned whose body contains
  the invalid check name unescaped. Malicious JavaScript can be injected into that
  invalid name and executed in Firefox.
patched_versions:
  - ">= 1.4.1"
related:
  url:
    - https://github.com/basecamp/easymon/pull/25

Version data entries

3 entries across 3 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/easymon/CVE-2018-1000855.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/easymon/CVE-2018-1000855.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/easymon/CVE-2018-1000855.yml