FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

kaminari -- potential XSS vulnerability

Affected packages
rubygem-kaminari-core < 1.2.1

Details

VuXML ID: 4e6875a2-a126-11ea-b385-08002728f74c
Discovery: 2020-04-22
Entry: 2020-05-28

Kaminari Security Advisories:

There was a vulnerability in versions of Kaminari that would allow an attacker to inject arbitrary code into pages with pagination links.

The 1.2.1 gem including the patch has already been released.

All past released versions are affected by this vulnerability.

References

CVE Name: CVE-2020-11082
URL: https://github.com/kaminari/kaminari/blob/master/CHANGELOG.md#121
URL: https://github.com/kaminari/kaminari/pull/1020
URL: https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433