actiontext
RubyGems | 3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting actiontext (page 1 of 1)
- CVE-2024-32464 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 7.2.0.beta2 | 2024-06-04
vulnerable: 7.2.0.beta1
Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7…
- CVE-2024-34341 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 7.1.3.3 | 2024-05-07
vulnerable: 7.1.0 ... 7.1.3.2 (9 versions)
Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from impr…
- CVE-2024-47888 | MEDIUM | CVSS 6.6 | EG 0.0 | ✓ Fixed in 7.2.1.1 | 2024-10-16
vulnerable: 7.2.0, 7.2.1
Action Text brings rich text content and editing to Rails. Starting in version 6.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and 7.2.1.1, there is a possible ReDoS vulnerability in the `plain_text_for_blockquote_node` helper in Ac…