CVE-2014-0046

low

Published 2014-02-07 · Modified 2025-08-11

CVSS v3

—

CVSS v2

2.6

VIR risk

2.6

Description

ember-source Cross-site Scripting vulnerability

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/56965

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://emberjs.com/blog/2014/02/07/ember-security-releases.html

Ecosystem	Package	Vulnerable	Fixed
RubyGems	ember-source	`!< 1.2.0\|\|<~> 1.2.2`	`~> 1.2.2`
RubyGems	ember-source	`>=1.2.0,<1.2.2`	`1.2.2`
RubyGems	ember-source	`>=1.3.0,<1.3.2`	`1.3.2`
RubyGems	ember-source	`>=1.4.0.beta.1,<1.4.0.beta.6`	`1.4.0.beta.6`

Vendor	Product	Versions
emberjs	ember.js	`1.2.0`
emberjs	ember.js	`1.2.1`
emberjs	ember.js	`1.3.0`
emberjs	ember.js	`1.3.1`
emberjs	ember.js	`1.4.0`

CWE-79

Verify integrity in audit chain (admin only). AS-IS.