Moderate severityNVD Advisory· Published Jul 8, 2024· Updated Aug 2, 2024
RailsAdmin Cross-site Scripting vulnerability in the list view
CVE-2024-39308
Description
RailsAdmin is a Rails engine that provides an interface for managing data. RailsAdmin list view has the XSS vulnerability, caused by improperly-escaped HTML title attribute. Upgrade to 3.1.3 or 2.2.2 (to be released).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
rails_adminRubyGems | >= 3.0.0.beta, < 3.1.3 | 3.1.3 |
Affected products
2- railsadminteam/rails_adminv5Range: >= 3.0.0, < 3.1.3
Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-8qgm-g2vv-vwvcghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-39308ghsaADVISORY
- github.com/railsadminteam/rails_admin/commit/b5a287d82e2cbd1737a1a01e11ede2911cce7fefghsax_refsource_MISCWEB
- github.com/railsadminteam/rails_admin/commit/d84b39884059c4ed50197cec8522cca029a17673ghsax_refsource_MISCWEB
- github.com/railsadminteam/rails_admin/issues/3686ghsax_refsource_MISCWEB
- github.com/railsadminteam/rails_admin/security/advisories/GHSA-8qgm-g2vv-vwvcghsax_refsource_CONFIRMWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/rails_admin/CVE-2024-39308.ymlghsaWEB
- rubygems.org/gems/rails_admin/versions/2.3.0ghsax_refsource_MISCWEB
- rubygems.org/gems/rails_admin/versions/3.1.3ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.