Vulnerabilities

CVE-2020-5267

by Fred · 19/03/2020

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView’s JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.

Date published : 2020-03-19

https://github.com/rails/rails/security/advisories/GHSA-65cv-r6x7-79hv

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/

Similar

Tags: Cybersecurity Alert