Action View Project Action View 4.2.2 for Ruby

CPE Details

Action View Project Action View 4.2.2 for Ruby
action_view_project
action_view
4.2.2
2020-12-09
11h58 +00:00
2020-12-09
11h58 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:action_view_project:action_view:4.2.2:*:*:*:*:ruby:*:*

Informations

Vendor

action_view_project

Product

action_view

Version

4.2.2

Target Software

ruby

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2020-15169 2020-09-11 13h50 +00:00 In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped. This is patched in versions 6.0.3.3 and 5.2.4.4. A workaround without upgrading is proposed in the source advisory.
6.1
Moyen