Vulnerability Description
In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into such a string without being sanitized. This means that if an application assigns a view's `tagName` to user-supplied data, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain ("XSS"). This vulnerability only affects applications that assign or bind user-provided content to `tagName`.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Emberjs | Ember.Js | < 1.0.0 |
Related Weaknesses (CWE)
References
- https://groups.google.com/g/ember-security/c/dokLVwwxAdMMailing ListPatchThird Party Advisory
- https://rubysec.com/advisories/CVE-2013-4170/Third Party Advisory
- https://security.snyk.io/vuln/SNYK-RUBY-EMBERSOURCE-20102PatchThird Party Advisory
- https://groups.google.com/g/ember-security/c/dokLVwwxAdMMailing ListPatchThird Party Advisory
- https://rubysec.com/advisories/CVE-2013-4170/Third Party Advisory
- https://security.snyk.io/vuln/SNYK-RUBY-EMBERSOURCE-20102PatchThird Party Advisory
FAQ
What is CVE-2013-4170?
CVE-2013-4170 is a vulnerability with a CVSS score of 6.1 (MEDIUM). In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into suc...
How severe is CVE-2013-4170?
CVE-2013-4170 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4170?
Check the references section above for vendor advisories and patch information. Affected products include: Emberjs Ember.Js.