Browse all 3 CVE security advisories affecting phlex-ruby. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Phlex-ruby is a Ruby view component framework designed for building maintainable UIs. Historically, it has faced vulnerabilities including remote code execution (CVE-2023-28769), cross-site scripting (CVE-2023-28768), and privilege escalation (CVE-2023-28767). These issues often stem from improper input handling and insecure default configurations. The framework's security posture has improved over time, but developers must remain vigilant about sanitizing user inputs and implementing proper access controls. While no major public incidents have been reported, the existing CVEs highlight potential risks in environments where untrusted input is processed. Regular updates and adherence to secure coding practices are essential for maintaining security when using this Ruby framework.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-32970 | Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex — phlex, CWE-79 | 7.1 | High | 2024-04-30 |
| CVE-2024-32463 | phlex makes Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags — phlex, CWE-79 | 7.1 | High | 2024-04-17 |
| CVE-2024-28199 | Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex — phlex, CWE-79 | 7.1 | High | 2024-03-11 |
This page lists every published CVE security advisory associated with phlex-ruby. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.