RubyGems package
view_component
pkg:gem/view_component
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-44837 | Med | 5.9 | >= 3.0.0, < 4.9.0 | 4.9.0 | May 26, 2026 | view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the te | |
| CVE-2026-44836 | Med | 6.5 | >= 3.0.0, < 4.9.0 | 4.9.0 | May 26, 2026 | view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls it with public_send. The code does not verify that the requested method is one o | |
| CVE-2024-21636 | — | >= 3.0.0, < 3.9.0 | 3.9.0 | Jan 4, 2024 | view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. Versions prior to 3.9.0 and 2.83.0 have a cross-site scripting vulnerability that has the potential to impact anyone rendering a component directly from a controller | ||
| CVE-2022-24722 | — | >= 2.31.0, < 2.31.2 | 2.31.2 | Mar 2, 2022 | VIewComponent is a framework for building view components in Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone using translations with the view_component gem. Data received via user input and pa |
- affected >= 3.0.0, < 4.9.0fixed 4.9.0
view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the te
- affected >= 3.0.0, < 4.9.0fixed 4.9.0
view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls it with public_send. The code does not verify that the requested method is one o
- CVE-2024-21636Jan 4, 2024affected >= 3.0.0, < 3.9.0fixed 3.9.0
view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. Versions prior to 3.9.0 and 2.83.0 have a cross-site scripting vulnerability that has the potential to impact anyone rendering a component directly from a controller
- CVE-2022-24722Mar 2, 2022affected >= 2.31.0, < 2.31.2fixed 2.31.2
VIewComponent is a framework for building view components in Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone using translations with the view_component gem. Data received via user input and pa