pkg:gem/phlex

Type gem

Name phlex

Known advisories, vulnerabilities and fixes for phlex package.

Repository: https://rubygems.org/gems/phlex

High 4

Type	Version	Distribution	# CVEs	# Advisory ID	Title	Severity	Published
Affected	< 1.9.1		CVE-2024-28199	RUBYSEC:PHLEX-2024-28199	Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex	high	2024-03-12T00:00:00 (6 months ago)
Fixed	= 1.0.1 = 1.1.1 = 1.2.2 = 1.3.3 = 1.4.1 = 1.5.2 = 1.6.2 = 1.7.1 = 1.8.2 >= 1.9.1		CVE-2024-28199	RUBYSEC:PHLEX-2024-28199	Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex	high	2024-03-12T00:00:00 (6 months ago)
Affected	< 1.10.1		CVE-2024-32463	RUBYSEC:PHLEX-2024-32463	Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags	high	2024-04-16T00:00:00 (5 months ago)
Fixed	= 1.4.2 = 1.5.3 = 1.6.3 = 1.7.2 = 1.8.3 = 1.9.2 >= 1.10.1		CVE-2024-32463	RUBYSEC:PHLEX-2024-32463	Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags	high	2024-04-16T00:00:00 (5 months ago)
Affected	< 1.10.2		CVE-2024-32970	RUBYSEC:PHLEX-2024-32970	Phlex vulnerable to Cross-site Scripting (XSS) via maliciously formed HTML attribute names and values	high	2024-05-01T00:00:00 (4 months ago)
Fixed	= 1.9.3 >= 1.10.2		CVE-2024-32970	RUBYSEC:PHLEX-2024-32970	Phlex vulnerable to Cross-site Scripting (XSS) via maliciously formed HTML attribute names and values	high	2024-05-01T00:00:00 (4 months ago)
Affected	< 1.10.1			RUBYSEC:PHLEX-G7XQ-XV8C-H98C	Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags	high	2024-04-16T00:00:00 (5 months ago)
Fixed	= 1.4.2 = 1.5.3 = 1.6.3 = 1.7.2 = 1.8.3 = 1.9.2 >= 1.10.1			RUBYSEC:PHLEX-G7XQ-XV8C-H98C	Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags	high	2024-04-16T00:00:00 (5 months ago)