RubySec

Providing security resources for the Ruby community

CVE-2020-5241 (matestack-ui-core): matestack-ui-core is vulnerable to XSS/Script injection

GEM

matestack-ui-core

SEVERITY

CVSS v3.x: 9.8 (Critical)

CVSS v2.0: 10.0 (High)

PATCHED VERSIONS

  • >= 0.7.4

DESCRIPTION

matestack-ui-core does not escape strings by default, and the documentation does not say so. Strings passed to components are therefore emitted into the page as raw HTML, so any attacker-controlled value (a comment, a profile name, a query parameter) can inject markup and script into the rendered page (XSS / script injection). matestack-ui-core should escape strings by default to prevent this. v0.7.4 fixes the issue by escaping strings by default.
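The following added example (written for this page, not code from matestack-ui-core) shows the failure mode the advisory describes and the escape-by-default design that fixes it. The component helpers, the TrustedHtml wrapper and the payload string are all constructed for illustration; only ERB::Util.html_escape and Gem::Version are real Ruby standard-library APIs.

```ruby
require "erb"
require "rubygems"

# Constructed attacker-controlled input, e.g. the body of a user comment.
PAYLOAD = %q(<img src=x onerror="alert(document.cookie)">)

# Hypothetical component that interpolates its string argument verbatim:
# the pre-0.7.4 behaviour the advisory describes (not matestack's code).
def render_unescaped(text)
  "<p class=\"comment\">#{text}</p>"
end

# Same component with the string escaped before it reaches the HTML.
# ERB::Util.html_escape rewrites & < > " ' as entities, so the browser
# parses the payload as text, not as an element with an onerror handler.
def render_escaped(text)
  "<p class=\"comment\">#{ERB::Util.html_escape(text)}</p>"
end

# Escape-by-default design: everything is escaped unless the caller
# explicitly wraps it as trusted HTML. This is a hypothetical marker type,
# not an API of matestack-ui-core.
class TrustedHtml
  attr_reader :html

  def initialize(html)
    @html = html
  end
end

def render_safe_by_default(value)
  body = value.is_a?(TrustedHtml) ? value.html : ERB::Util.html_escape(value.to_s)
  "<p class=\"comment\">#{body}</p>"
end

# Crude regression check for a component: if the raw input survives in the
# output and it carried markup-significant characters, escaping was skipped.
def injects_markup?(rendered, input)
  rendered.include?(input) && input.match?(/[<>"'&]/)
end

# Version check against the patched range published on this advisory (>= 0.7.4).
def patched?(version)
  Gem::Version.new(version) >= Gem::Version.new("0.7.4")
end

if __FILE__ == $PROGRAM_NAME
  puts render_unescaped(PAYLOAD)
  puts render_escaped(PAYLOAD)
  puts render_safe_by_default(PAYLOAD)
  puts render_safe_by_default(TrustedHtml.new("<em>trusted</em>"))
  puts "0.7.3 patched? #{patched?('0.7.3')}"
end
```

The unescaped render puts the `<img ... onerror=...>` element straight into the document, which is exactly the script injection the advisory covers; the escaped render turns it into inert text. In an application that depends on this gem, `bundle audit check` (bundler-audit, which uses the RubySec advisory database) will flag versions below 0.7.4.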