Sha256: d71f97e3f03855deda2be889f64563fabf5decce4135f3610b417cb548c3a708

Size: 1.08 KB

Versions: 6

Stored size: 1.08 KB

Contents

---
gem: ember-source
cve: 2014-0014
url: https://groups.google.com/forum/#!topic/ember-security/PSE4RzTi6l4
title: |
  Ember.js Potential XSS Exploit With User-Supplied Data When Using {{group}}
  Helper
date: 2014-01-14
description: |
  In general, Ember.js escapes or strips any user-supplied content before
  inserting it in strings that will be sent to innerHTML.  However, we have
  identified a vulnerability that could lead to unescaped content being inserted
  into the innerHTML string without being sanitized.

  When using the `{{group}}` helper, user supplied content in the template was not
  being sanitized. Though the vulnerability exists in Ember.js proper, it is only
  exposed via the use of an experimental plugin.

  In applications that use the `{{group}}` helper, a specially-crafted payload
  could execute arbitrary JavaScript in the context of the current domain
  ("XSS").

  This vulnerability only affects applications that use the `{{group}}` helper
  to display user-provided content.
patched_versions:
  - ~> 1.0.1
  - ~> 1.1.3
  - ~> 1.2.1
  - ~> 1.3.1
  - ">= 1.4.0.beta.2"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/ember-source/CVE-2014-0014.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/ember-source/CVE-2014-0014.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/ember-source/CVE-2014-0014.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/ember-source/CVE-2014-0014.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/ember-source/CVE-2014-0014.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/ember-source/CVE-2014-0014.yml