{
  "schema_version": "1.4.0",
  "id": "GHSA-m3q7-rj8g-m457",
  "modified": "2023-01-26T21:07:48Z",
  "published": "2018-08-28T22:33:24Z",
  "aliases": [
    "CVE-2015-7565"
  ],
  "summary": "ember-source Cross-site Scripting vulnerability",
  "details": "Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML.",
  "severity": [
    {
      "type": "CVSS_V3",
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "ember-source"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "1.8.0"
            },
            {
              "fixed": "1.11.4"
            }
          ]
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "ember-source"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "1.12.0"
            },
            {
              "fixed": "1.12.2"
            }
          ]
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "ember-source"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "1.13.0"
            },
            {
              "fixed": "1.13.12"
            }
          ]
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "ember-source"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.3"
            }
          ]
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "ember-source"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "2.1.0"
            },
            {
              "fixed": "2.1.2"
            }
          ]
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "ember-source"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.1"
            }
          ]
        }
      ],
      "versions": [
        "2.2.0"
      ]
    }
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7565"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/ember-source/CVE-2015-7565.yml"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#!topic/ember-security/OfyQkoSuppY"
    },
    {
      "type": "WEB",
      "url": "http://emberjs.com/blog/2016/01/14/security-releases-ember-1-11-4-1-12-2-1-13-12-2-0-3-2-1-2-2-2-1.html"
    }
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:44:43Z",
    "nvd_published_at": null
  }
}