
CVE-2014-0014: ember-source Cross-site Scripting vulnerability

CVSS Score: 5.4 (CVSS v3.0)

Basic Information

EPSS Score: 0.52183%
Published: 5/14/2022
Updated: 4/24/2023
KEV Status: No
Technology: Ruby

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Package Name   Ecosystem   Vulnerable Versions         First Patched Version
ember-source   rubygems    >= 1.0.0.pre4.0, < 1.0.1    1.0.1
ember-source   rubygems    >= 1.1.0, < 1.1.3           1.1.3
ember-source   rubygems    >= 1.2.0.beta.1, < 1.2.1    1.2.1
ember-source   rubygems    >= 1.3.0.beta.1, < 1.3.1    1.3.1
ember-source   rubygems    = 1.4.0-beta.1              1.4.0-beta.2

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stemmed from improper output escaping in the `{{group}}` helper. The fix commit added `escapeExpression` handling to the `simpleBind` function in `binding.js`, the code path that renders bound values inside grouped content. Before the fix, user-controlled values passed through `{{group}}` were rendered as raw HTML with no escaping, so any string an attacker could get into the bound data (a display name, a comment body) was inserted into the DOM as markup and could carry script. The accompanying tests in `group_test.js` verify that normal double mustaches (`{{value}}`) now escape HTML while triple mustaches (`{{{value}}}`) still emit it raw, which is the usual Handlebars contract and confirms that the flaw was in the group helper's binding logic rather than in the application's templates. Note that ember-source is the RubyGems packaging of the Ember.js JavaScript library: the affected code runs in the browser, so the remediation is to upgrade the gem to a patched version and redeploy the compiled assets.
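The following is an added example, not Ember.js source or Miggo's code. It models the binding step described above with a small Handlebars-style renderer: one bind function that ignores the escape flag (the pre-fix behaviour) and one that applies `escapeExpression` for double mustaches only, run over a constructed template and an attacker-controlled value. The function names `simpleBindVulnerable`, `simpleBindFixed` and `renderGroup` are hypothetical; only `escapeExpression` mirrors a real Handlebars name.

```javascript
// Added example (not Ember.js source): a minimal model of the {{group}} helper's
// binding step, showing the missing escaping and the fix that applies
// escapeExpression to normal mustaches while leaving triple mustaches raw.
// Function names other than escapeExpression are hypothetical.

// Handlebars-style HTML escaping (character set follows current Handlebars).
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
  '`': '&#x60;',
  '=': '&#x3D;',
};

function escapeExpression(value) {
  if (value === null || value === undefined) return '';
  return String(value).replace(/[&<>"'`=]/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable bind: the escape flag is never consulted, so the bound value is
// always emitted verbatim into the DOM (the pre-fix behaviour).
function simpleBindVulnerable(value, _escape) {
  return value === null || value === undefined ? '' : String(value);
}

// Fixed bind: {{x}} escapes via escapeExpression, {{{x}}} stays raw.
function simpleBindFixed(value, escape) {
  if (escape) return escapeExpression(value);
  return value === null || value === undefined ? '' : String(value);
}

// Tiny renderer standing in for the grouped rendering path (not Ember's parser):
// {{{key}}} is a raw mustache, {{key}} a normal (escaped) mustache.
const MUSTACHE = /\{\{\{\s*([\w.]+)\s*\}\}\}|\{\{\s*([\w.]+)\s*\}\}/g;

function renderGroup(template, context, bind) {
  return template.replace(MUSTACHE, (_match, rawKey, escKey) => {
    const key = rawKey !== undefined ? rawKey : escKey;
    const value = key
      .split('.')
      .reduce((obj, part) => (obj === null || obj === undefined ? undefined : obj[part]), context);
    // escape is true only for the double-mustache form
    return bind(value, rawKey === undefined);
  });
}

// Constructed sample input: an attacker-controlled display name.
const context = { user: { name: '<img src=x onerror=alert(1)>' } };
const template = '<li>{{user.name}}</li>';

function renderVulnerable() {
  return renderGroup(template, context, simpleBindVulnerable);
}

function renderFixed() {
  return renderGroup(template, context, simpleBindFixed);
}

// Triple mustache: the author explicitly asked for raw output, so the fixed
// path still emits markup here, exactly as group_test.js checks.
function renderFixedTriple() {
  return renderGroup('<li>{{{user.name}}}</li>', context, simpleBindFixed);
}

console.log('vulnerable   :', renderVulnerable());
console.log('fixed {{x}}  :', renderFixed());
console.log('fixed {{{x}}}:', renderFixedTriple());
```

Running it prints the same markup for the vulnerable path and for the fixed triple-mustache path, and an entity-escaped string for the fixed double-mustache path; the point of the test cases in the fix is precisely that second distinction.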


WAF Protection Rules

WAF Rule

Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application using the `{{group}}` helper and