VYPR

rpm package

suse/rubygem-actionview-4_2&distro=SUSE OpenStack Cloud 6-LTSS

pkg:rpm/suse/rubygem-actionview-4_2&distro=SUSE%20OpenStack%20Cloud%206-LTSS

Vulnerabilities (2)

  • CVE-2020-15169Sep 11, 2020
    affected < 4.2.9-9.12.1fixed 4.2.9-9.12.1

    In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS

  • CVE-2020-8163Jul 2, 2020
    affected < 4.2.9-9.9.1fixed 4.2.9-9.9.1

    The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.