Version 2.18.2

ember-source

Ember.js source code wrapper for use with Ruby libs.

Install Instructions

gem install ember-source
Current Version Release Date: February 14, 2018
Language: Ruby
Package URL (purl): pkg:gem/ember-source@2.18.2

ember-source Vulnerabilities

| CVE | Severity | CVSS Score | CWE(s) | EPSS Score | EPSS % | Impacted Versions |
|---|---|---|---|---|---|---|
| CVE-2014-0013 | Medium | 5.4 | CWE-79 | 0.00065 | 0.30453 | 1.0.0–1.4.0.beta.1, 0.0.1–0.0.9 |
| CVE-2014-0014 | Medium | 5.4 | CWE-79 | 0.00088 | 0.39145 | 1.0.0–1.4.0.beta.1, 0.0.1–0.0.9 |
| CVE-2014-0046 | Low | 2.6 | CWE-79 | 0.00279 | 0.68004 | 1.2.0–1.4.0.beta.5 |
| CVE-2015-7565 | Medium | 6.1 | CWE-79 | 0.0011 | 0.45009 | 2.0.0–2.2.0, 1.8.0–1.13.11 |
| CVE-2013-4170 | Medium | 6.1 | CWE-79 | 0.00071 | 0.33008 | 1.0.0.rc1.0.0–1.0.0.rc6, 0.0.1–0.0.9 |
| CVE-2015-1866 | Medium | 6.1 | CWE-79 | 0.01403 | 0.86135 | 1.10.0–1.11.1 |

ember-source Vulnerability Remediation Guidance

| CVE | Description | Full list of Impacted Versions | Fix |
|---|---|---|---|
| CVE-2015-7565 | Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML. | 1.8.0, 1.9.0.alpha.2, 1.9.0, 1.13.3, 1.13.4.1, 1.13.6, 1.13.7, 1.13.10, … | Minor → 1.11.4 |
| CVE-2015-1866 | Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2. | 1.10.0, 1.11.0, 1.11.0.1, 1.11.1 | Minor → 1.11.4 |
| CVE-2014-0046 | Cross-site scripting (XSS) vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML via the title attribute. | 1.2.0.1, 1.2.1.1, 1.3.1.1, 1.4.0.beta.1, 1.3.0, 1.4.0.beta.3, 1.4.0.beta.4, 1.4.0.beta.5, … | Patch → 1.2.2 |
| CVE-2014-0014 | Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application using the "{{group}}" Helper and a crafted payload. | 1.0.0, 1.0.0.rc6.2, 1.0.0.rc7, 1.0.0.rc8, 1.1.0, 1.1.1, 1.1.2, 1.2.0.1, … | Patch → 1.0.1 |
| CVE-2014-0013 | Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application that contains templates whose context is set to a user-supplied primitive value and also contain the `{{this}}` special Handlebars variable. | 1.0.0, 1.0.0.rc6.2, 1.0.0.rc7, 1.0.0.rc8, 1.1.0, 1.1.1, 1.1.2, 1.2.0.1, … | Patch → 1.0.1 |
| CVE-2013-4170 | In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into such a string without being sanitized. This means that if an application assigns a view's `tagName` to user-supplied data, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain ("XSS"). This vulnerability only affects applications that assign or bind user-provided content to `tagName`. | 1.0.0.rc6, 1.0.0.rc5, 1.0.0.rc4, 1.0.0.rc3, 1.0.0.rc2.0, 1.0.0.rc1.0.0, 0.0.8, 0.0.3, … | Patch → 1.0.1 |
