1+ ---
2+ gem : text_helpers
3+ cve : 2020-36624
4+ ghsa : 74hc-57m5-83ch
5+ url : https://github.com/ahorner/text-helpers/pull/19
6+ title : text_helpers uses web link to untrusted target with window.opener access
7+ date : 2022-12-22
8+ description : A vulnerability was found in ahorner text-helpers 1.1.0/1.1.1. It has
9+ been declared as critical. This vulnerability affects unknown code of the file lib/text_helpers/translation.rb.
10+ The manipulation of the argument link leads to use of web link to untrusted target
11+ with window.opener access. The attack can be initiated remotely. Upgrading to version
12+ 1.2.0 can address this issue. The name of the patch is 184b60ded0e43c985788582aca2d1e746f9405a3.
13+ It is recommended to upgrade the affected component. The identifier of this vulnerability
14+ is VDB-216520.
15+ unaffected_versions :
16+ - " < 1.1.0"
17+ patched_versions :
18+ - " >= 1.2.0"
19+ related :
20+ url :
21+ - https://github.com/ahorner/text-helpers/commit/184b60ded0e43c985788582aca2d1e746f9405a3
22+ - https://github.com/ahorner/text-helpers/releases/tag/v1.2.0
23+ - https://vuldb.com/?id.216520
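Review bot: The description (added lines 8-14) calls the issue "critical" and says it affects "unknown code", yet the file carries no severity score, and the same sentence names the affected file as lib/text_helpers/translation.rb. This reads as pasted VulDB boilerplate. Suggest rewriting it to say what a consumer needs: that links produced from the `link` argument open an untrusted target that keeps window.opener access, which versions are affected (1.1.0 and 1.1.1), and that 1.2.0 fixes it. Either back "critical" with a score field or drop the word. The sentences "The name of the patch is 184b60de..." and "The identifier of this vulnerability is VDB-216520" duplicate the two entries already listed under `related` and can be removed from the description.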