RubyGems package
actiontext
pkg:gem/actiontext
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-47888 | Med | — | | >= 6.0.0, < 6.1.7.9 | 6.1.7.9 | Oct 16, 2024 | Action Text brings rich text content and editing to Rails. Starting in version 6.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the `plain_text_for_blockquote_node` helper in Action Text. Carefully crafted text can cau |
| CVE-2024-32464 | | — | | >= 7.1.0, < 7.1.3.4 | 7.1.3.4 | Jun 4, 2024 | Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2. |
| CVE-2024-34341 | Med | 5.4 | | >= 7.0.0.alpha1, < 7.0.8.3 | 7.0.8.3 | May 7, 2024 | Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allo |