Open mend-bolt-for-github[bot] opened 2 years ago
Simple, battle-tested conventions and helpers for building web pages.
Library home page: https://rubygems.org/gems/actionview-5.2.2.gem
Path to dependency file: /auth-app/Gemfile.lock
Path to vulnerable library: /var/lib/gems/2.3.0/cache/actionview-5.2.2.gem
Dependency Hierarchy: - web-console-3.7.0.gem (Root Library) - :x: **actionview-5.2.2.gem** (Vulnerable Library)
A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.
Publish Date: 2022-05-26
URL: CVE-2022-27777
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
Type: Upgrade version
Origin: https://github.com/advisories/GHSA-ch3h-j2vf-95pv
Release Date: 2022-05-26
Fix Resolution: actionview - 5.2.7.1,6.0.4.8,6.1.5.1,7.0.2.4
Step up your Open Source Security Game with Mend here
CVE-2022-27777 - Medium Severity Vulnerability
Vulnerable Library - actionview-5.2.2.gem
Simple, battle-tested conventions and helpers for building web pages.
Library home page: https://rubygems.org/gems/actionview-5.2.2.gem
Path to dependency file: /auth-app/Gemfile.lock
Path to vulnerable library: /var/lib/gems/2.3.0/cache/actionview-5.2.2.gem
Dependency Hierarchy: - web-console-3.7.0.gem (Root Library) - :x: **actionview-5.2.2.gem** (Vulnerable Library)
Vulnerability Details
A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.
Publish Date: 2022-05-26
URL: CVE-2022-27777
CVSS 3 Score Details (6.1)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://github.com/advisories/GHSA-ch3h-j2vf-95pv
Release Date: 2022-05-26
Fix Resolution: actionview - 5.2.7.1,6.0.4.8,6.1.5.1,7.0.2.4
Step up your Open Source Security Game with Mend here