rpm package
suse/rubygem-actionview-4_2&distro=SUSE OpenStack Cloud Crowbar 8
pkg:rpm/suse/rubygem-actionview-4_2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-27777 | — | < 4.2.9-9.15.1 | 4.2.9-9.15.1 | May 26, 2022 | A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. | ||
| CVE-2020-15169 | — | < 4.2.9-9.12.1 | 4.2.9-9.12.1 | Sep 11, 2020 | In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS | ||
| CVE-2020-8163 | — | < 4.2.9-9.9.1 | 4.2.9-9.9.1 | Jul 2, 2020 | The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE. | ||
| CVE-2020-5267 | — | < 4.2.9-9.6.1 | 4.2.9-9.6.1 | Mar 19, 2020 | In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2. |
- CVE-2022-27777May 26, 2022affected < 4.2.9-9.15.1fixed 4.2.9-9.15.1
A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.
- CVE-2020-15169Sep 11, 2020affected < 4.2.9-9.12.1fixed 4.2.9-9.12.1
In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS
- CVE-2020-8163Jul 2, 2020affected < 4.2.9-9.9.1fixed 4.2.9-9.9.1
The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.
- CVE-2020-5267Mar 19, 2020affected < 4.2.9-9.6.1fixed 4.2.9-9.6.1
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.