rf Keynote rumble.rb cross site scripting
Description
A vulnerability was found in rf Keynote up to 0.x on Rails. It has been rated as problematic. The issue affects some unknown functionality of the file lib/keynote/rumble.rb. The manipulation of the argument value leads to cross-site scripting. The attack may be launched remotely. Upgrading to version 1.0.0 addresses this issue. The patch is identified as 05be4356b0a6ca7de48da926a9b997beb5ffeb4a. It is recommended to upgrade the affected component. VDB-217142 is the identifier assigned to this vulnerability.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| keynote (RubyGems) | < 1.0.0 | 1.0.0 |
Affected products
- rf/Keynote (v5) Range: 0.x
References
- github.com/rf-/keynote/commit/05be4356b0a6ca7de48da926a9b997beb5ffeb4a (ghsa, patch, WEB)
- github.com/rf-/keynote/releases/tag/v1.0.0 (ghsa, patch, WEB)
- github.com/advisories/GHSA-399p-vq28-5hg8 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2017-20159 (ghsa, ADVISORY)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/keynote/CVE-2017-20159.yml (ghsa, WEB)
- vuldb.com (ghsa, signature, permissions-required, WEB)
- vuldb.com (ghsa, vdb-entry, technical-description, WEB)