VYPR

rpm package

suse/rubygem-actionview-4_2&distro=SUSE OpenStack Cloud Crowbar 9

pkg:rpm/suse/rubygem-actionview-4_2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209

Vulnerabilities (4)

  • CVE-2022-27777May 26, 2022
    affected < 4.2.9-9.15.1fixed 4.2.9-9.15.1

    A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.

  • CVE-2020-15169Sep 11, 2020
    affected < 4.2.9-9.12.1fixed 4.2.9-9.12.1

    In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS

  • CVE-2020-8163Jul 2, 2020
    affected < 4.2.9-9.9.1fixed 4.2.9-9.9.1

    The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.

  • CVE-2020-5267Mar 19, 2020
    affected < 4.2.9-9.6.1fixed 4.2.9-9.6.1

    In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.