PT-2018-4117 · Ember · Ember.Js

Publicado

2018-02-15

·

Atualizado

2022-05-14

·

CVE-2014-0014

CVSS v3.1

5.4

Média

VetorAV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Ember.js versions 1.0.x through 1.0.0 Ember.js versions 1.1.x through 1.1.2 Ember.js versions 1.2.x through 1.2.0 Ember.js versions 1.3.x through 1.3.0 Ember.js versions 1.4.x through 1.4.0-beta.1
Description The issue allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application using the {{group}} Helper and a crafted payload.
Recommendations For Ember.js versions 1.0.x, update to version 1.0.1 or later. For Ember.js versions 1.1.x, update to version 1.1.3 or later. For Ember.js versions 1.2.x, update to version 1.2.1 or later. For Ember.js versions 1.3.x, update to version 1.3.1 or later. For Ember.js versions 1.4.x, update to version 1.4.0-beta.2 or later.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2014-0014
GHSA-RCX6-7JP6-PQF2

Produtos afetados

Ember.Js