Add CVE-2018-1000855 for easymon (#373)

rosa · reedloden · commit 5b0b90e38268 · 2018-12-07T14:47:28.000-08:00
diff --git a/gems/easymon/CVE-2018-1000855.yml b/gems/easymon/CVE-2018-1000855.yml
@@ -0,0 +1,16 @@
+---
+gem: easymon
+date: 2018-11-09
+url: https://github.com/basecamp/easymon/issues/26
+cve: 2018-1000855
+title: Reflected XSS in Firefox in check endpoint
+description: |
+  When passing an invalid check name as parameter to the endpoint where
+  the easymon routes are mounted, a 406 response with a body that contains the invalid
+  check name unescaped is returned. Malicious JavaScript can be injected into that
+  invalid name and have it executed in Firefox
+patched_versions:
+  - ">= 1.4.1"
+related:
+  url:
+    - https://github.com/basecamp/easymon/pull/25
