VYPR

RubyGems package

view_component

pkg:gem/view_component

Vulnerabilities (4)

  • CVE-2026-44837MedMay 26, 2026
    affected >= 3.0.0, < 4.9.0fixed 4.9.0

    view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the te

  • CVE-2026-44836MedMay 26, 2026
    affected >= 3.0.0, < 4.9.0fixed 4.9.0

    view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls it with public_send. The code does not verify that the requested method is one o

  • CVE-2024-21636Jan 4, 2024
    affected >= 3.0.0, < 3.9.0fixed 3.9.0

    view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. Versions prior to 3.9.0 and 2.83.0 have a cross-site scripting vulnerability that has the potential to impact anyone rendering a component directly from a controller

  • CVE-2022-24722Mar 2, 2022
    affected >= 2.31.0, < 2.31.2fixed 2.31.2

    VIewComponent is a framework for building view components in Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone using translations with the view_component gem. Data received via user input and pa