Moderate severityNVD Advisory· Published Aug 5, 2020· Updated Aug 4, 2024
CVE-2020-16254
CVE-2020-16254
Description
The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets (CSS) Injection (without attribute).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
chartkickRubyGems | < 3.4.0 | 3.4.0 |
Affected products
2- Ruby/Chartkick gemdescription
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-3j95-fjv2-3m4pghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-16254ghsaADVISORY
- github.com/ankane/chartkick/commit/ba67ab5e603de4d94676790fdac425f8199f1c4fghsaWEB
- github.com/ankane/chartkick/issues/546ghsax_refsource_MISCWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/chartkick/CVE-2020-16254.ymlghsaWEB
News mentions
0No linked articles in our index yet.