Security

Report a vulnerability

SECURITY.md

Security

If you suspect you may have found a security vulnerability, please do not open a public issue or pull request. Instead, please send us a private advisory.

You should hear from us within a week, though we aim to release patches as quickly as possible. The last two security patches were released within a few hours of being reported privately to us.

Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex
GHSA-9p57-h987-4vgx published Apr 29, 2024 by joeldrapper

High
Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags
GHSA-g7xq-xv8c-h98c published Apr 17, 2024 by joeldrapper

High
Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex
GHSA-242p-4v39-2v8g published Mar 11, 2024 by joeldrapper

High

Learn more about advisories related to phlex-ruby/phlex in the GitHub Advisory Database