Open mend-bolt-for-github[bot] opened 2 years ago
Simple, battle-tested conventions and helpers for building web pages.
Library home page: https://rubygems.org/gems/actionview-5.2.1.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /Gemfile.lock
Dependency Hierarchy: - web-console-3.7.0.gem (Root Library) - :x: **actionview-5.2.1.gem** (Vulnerable Library)
Found in HEAD commit: 6a7b117f02b8b0166d564b1b9ca00233f9b099bc
Found in base branch: master
A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.
Publish Date: 2022-05-26
URL: CVE-2022-27777
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
Type: Upgrade version
Origin: https://github.com/advisories/GHSA-ch3h-j2vf-95pv
Release Date: 2022-05-26
Fix Resolution: actionview - 5.2.7.1,6.0.4.8,6.1.5.1,7.0.2.4
Step up your Open Source Security Game with Mend here
CVE-2022-27777 - Medium Severity Vulnerability
Simple, battle-tested conventions and helpers for building web pages.
Library home page: https://rubygems.org/gems/actionview-5.2.1.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /Gemfile.lock
Dependency Hierarchy: - web-console-3.7.0.gem (Root Library) - :x: **actionview-5.2.1.gem** (Vulnerable Library)
Found in HEAD commit: 6a7b117f02b8b0166d564b1b9ca00233f9b099bc
Found in base branch: master
A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.
Publish Date: 2022-05-26
URL: CVE-2022-27777
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://github.com/advisories/GHSA-ch3h-j2vf-95pv
Release Date: 2022-05-26
Fix Resolution: actionview - 5.2.7.1,6.0.4.8,6.1.5.1,7.0.2.4
Step up your Open Source Security Game with Mend here