rpm package
opensuse/rubygem-actionview-6.0&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/rubygem-actionview-6.0&distro=openSUSE%20Tumbleweed
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-8264 | — | < 6.0.4.4-1.1 | 6.0.4.4-1.1 | Jan 6, 2021 | In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local applic | ||
| CVE-2020-8185 | — | < 6.0.4.4-1.1 | 6.0.4.4-1.1 | Jul 2, 2020 | A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production. | ||
| CVE-2020-8167 | — | < 6.0.4.4-1.1 | 6.0.4.4-1.1 | Jun 19, 2020 | A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains. | ||
| CVE-2020-5267 | — | < 6.0.4.4-1.1 | 6.0.4.4-1.1 | Mar 19, 2020 | In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2. | ||
| CVE-2019-5418 | — | KEV | < 6.0.4.4-1.1 | 6.0.4.4-1.1 | Mar 27, 2019 | There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed. |
- CVE-2020-8264Jan 6, 2021affected < 6.0.4.4-1.1fixed 6.0.4.4-1.1
In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local applic
- CVE-2020-8185Jul 2, 2020affected < 6.0.4.4-1.1fixed 6.0.4.4-1.1
A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.
- CVE-2020-8167Jun 19, 2020affected < 6.0.4.4-1.1fixed 6.0.4.4-1.1
A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.
- CVE-2020-5267Mar 19, 2020affected < 6.0.4.4-1.1fixed 6.0.4.4-1.1
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.
- affected < 6.0.4.4-1.1fixed 6.0.4.4-1.1
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.