RubyGems package
mapbox-rails
pkg:gem/mapbox-rails
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-1000043 | Med | 6.1 | >= 1.0.0, < 1.6.6 | 1.6.6 | Jul 17, 2017 | Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON name and map share control | |
| CVE-2017-1000042 | Med | 6.1 | >= 1.0.0, < 1.6.5 | 1.6.5 | Jul 17, 2017 | Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name. |
- affected >= 1.0.0, < 1.6.6fixed 1.6.6
Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON name and map share control
- affected >= 1.0.0, < 1.6.5fixed 1.6.5
Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name.