gsd-2015-7565
Vulnerability from gsd
Modified
2016-01-14 00:00
Details
By default, Ember will escape any values in Handlebars templates that
use double curlies (`{{value}}`). Developers can specifically opt out of
this escaping behavior by passing an instance of `SafeString` rather
than a raw string, which tells Ember that it should not escape the
string because the developer has taken responsibility for escapement.
It is possible for an attacker to create a specially-crafted payload
that causes a non-sanitized string to be treated as a `SafeString`, and
thus bypass Ember's normal escaping behavior. This could allow an
attacker to execute arbitrary JavaScript in the context of the current
domain ("XSS").
All users running an affected release should either upgrade or use of
the workarounds immediately.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2015-7565",
"description": "Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML.",
"id": "GSD-2015-7565"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "ember-source",
"purl": "pkg:gem/ember-source"
}
}
],
"aliases": [
"CVE-2015-7565",
"GHSA-m3q7-rj8g-m457"
],
"details": "By default, Ember will escape any values in Handlebars templates that\nuse double curlies (`{{value}}`). Developers can specifically opt out of\nthis escaping behavior by passing an instance of `SafeString` rather\nthan a raw string, which tells Ember that it should not escape the\nstring because the developer has taken responsibility for escapement.\n\nIt is possible for an attacker to create a specially-crafted payload\nthat causes a non-sanitized string to be treated as a `SafeString`, and\nthus bypass Ember\u0027s normal escaping behavior. This could allow an\nattacker to execute arbitrary JavaScript in the context of the current\ndomain (\"XSS\").\n\nAll users running an affected release should either upgrade or use of\nthe workarounds immediately.\n",
"id": "GSD-2015-7565",
"modified": "2016-01-14T00:00:00.000Z",
"published": "2016-01-14T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 6.1,
"type": "CVSS_V3"
}
],
"summary": "Ember.js XSS Vulnerability with User-Supplied JSON"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-7565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://emberjs.com/blog/2016/01/14/security-releases-ember-1-11-4-1-12-2-1-13-12-2-0-3-2-1-2-2-2-1.html",
"refsource": "CONFIRM",
"url": "http://emberjs.com/blog/2016/01/14/security-releases-ember-1-11-4-1-12-2-1-13-12-2-0-3-2-1-2-2-2-1.html"
},
{
"name": "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2015-7565",
"cvss_v3": 6.1,
"date": "2016-01-14",
"description": "By default, Ember will escape any values in Handlebars templates that\nuse double curlies (`{{value}}`). Developers can specifically opt out of\nthis escaping behavior by passing an instance of `SafeString` rather\nthan a raw string, which tells Ember that it should not escape the\nstring because the developer has taken responsibility for escapement.\n\nIt is possible for an attacker to create a specially-crafted payload\nthat causes a non-sanitized string to be treated as a `SafeString`, and\nthus bypass Ember\u0027s normal escaping behavior. This could allow an\nattacker to execute arbitrary JavaScript in the context of the current\ndomain (\"XSS\").\n\nAll users running an affected release should either upgrade or use of\nthe workarounds immediately.\n",
"gem": "ember-source",
"ghsa": "m3q7-rj8g-m457",
"patched_versions": [
"~\u003e 1.11.4",
"~\u003e 1.12.2",
"~\u003e 1.13.12",
"~\u003e 2.0.3",
"~\u003e 2.1.2",
"\u003e= 2.2.1"
],
"title": "Ember.js XSS Vulnerability with User-Supplied JSON",
"unaffected_versions": [
"\u003c 1.8.0"
],
"url": "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=1.11.0a \u003c1.11.4||\u003e=1.12.0a \u003c1.12.2||\u003e=1.13.0a \u003c1.13.12||\u003e=2.0.0a \u003c2.0.3||\u003e=2.1.0a \u003c2.1.2||\u003e=2.2.0a \u003c2.2.1",
"affected_versions": "All versions starting from 1.11.0a before 1.11.4, all versions starting from 1.12.0a before 1.12.2, all versions starting from 1.13.0a before 1.13.12, all versions starting from 2.0.0a before 2.0.3, all versions starting from 2.1.0a before 2.1.2, all versions starting from 2.2.0a before 2.2.1",
"credit": "Roman Shafigullin at LinkedIn, Robert Jackson at Twitch",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-79",
"CWE-937"
],
"date": "2018-08-13",
"description": "By default, Ember will escape any values in Handlebars templates that use double curlies (`{{value}}`). Developers can specifically opt out of this escaping behavior by passing an instance of `SafeString` rather than a raw string, which tells Ember that it should not escape the string because the developer has taken responsibility for escapement. It is possible for an attacker to create a specially-crafted payload that causes a non-sanitized string to be treated as a `SafeString`, and thus bypass Ember\u0027s normal escaping behavior. This could allow an attacker to execute arbitrary JavaScript in the context of the current domain (\"XSS\").",
"fixed_versions": [
"1.11.4",
"1.12.2",
"1.13.12",
"2.0.3",
"2.1.2",
"2.2.1"
],
"identifier": "CVE-2015-7565",
"identifiers": [
"CVE-2015-7565"
],
"not_impacted": "Prior to 1.8.0",
"package_slug": "gem/ember-source",
"pubdate": "2017-04-13",
"solution": "Upgrade to latest or use workaround; see provided link.",
"title": "XSS Vulnerability with User-Supplied JSON",
"urls": [
"https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
],
"uuid": "80f62a81-8ab4-46db-a8b3-f11c66018a89"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:emberjs:ember.js:1.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emberjs:ember.js:1.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emberjs:ember.js:1.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emberjs:ember.js:1.12.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emberjs:ember.js:1.13.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emberjs:ember.js:1.13.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emberjs:ember.js:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emberjs:ember.js:2.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emberjs:ember.js:1.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emberjs:ember.js:1.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emberjs:ember.js:1.11.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emberjs:ember.js:1.11.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emberjs:ember.js:1.13.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emberjs:ember.js:1.13.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emberjs:ember.js:2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emberjs:ember.js:2.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emberjs:ember.js:1.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emberjs:ember.js:1.11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emberjs:ember.js:1.13.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emberjs:ember.js:1.13.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emberjs:ember.js:1.13.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emberjs:ember.js:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emberjs:ember.js:1.10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emberjs:ember.js:1.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emberjs:ember.js:1.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emberjs:ember.js:1.13.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emberjs:ember.js:1.13.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emberjs:ember.js:1.13.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emberjs:ember.js:1.13.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emberjs:ember.js:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-7565"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://emberjs.com/blog/2016/01/14/security-releases-ember-1-11-4-1-12-2-1-13-12-2-0-3-2-1-2-2-2-1.html",
"refsource": "CONFIRM",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://emberjs.com/blog/2016/01/14/security-releases-ember-1-11-4-1-12-2-1-13-12-2-0-3-2-1-2-2-2-1.html"
},
{
"name": "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY",
"refsource": "CONFIRM",
"tags": [],
"url": "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
},
"lastModifiedDate": "2018-08-13T21:47Z",
"publishedDate": "2017-04-13T14:59Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…