actionview
RubyGems13 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting actionviewpage 1 of 1
- CVE-2011-0446NONECVSS 0.0EG 0.0✓ Fixed in 3.0.42011-02-14
Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (…
- CVE-2016-0752HIGHCVSS 7.5EG 9.0⚠ KEV✓ Fixed in 4.2.5.12016-02-16
vulnerable: 4.2.0 ... 4.2.5.rc2 (14 versions)
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an applica…
- CVE-2016-2097MEDIUMCVSS 5.3EG 5.3✓ Fixed in 4.1.14.22016-04-07
vulnerable: 4.1.0 ... 4.1.9.rc1 (35 versions)
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a …
- CVE-2016-6316MEDIUMCVSS 6.1EG 6.1✓ Fixed in 5.0.0.12016-09-07
vulnerable: 5.0.0
Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" a…
- CVE-2019-5418HIGHCVSS 7.5EG 9.0⚠ KEV✓ Fixed in 5.0.7.22019-03-27
vulnerable: 5.0.0 ... 5.0.7.1 (17 versions)
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
- CVE-2019-5419HIGHCVSS 7.5EG 7.5✓ Fixed in 6.0.0.beta32019-03-27
vulnerable: 6.0.0.beta1, 6.0.0.beta2
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.
- CVE-2020-15169MEDIUMCVSS 5.4EG 5.4✓ Fixed in 6.0.3.32020-09-11
vulnerable: 6.0.0 ... 6.0.3.rc1 (12 versions)
In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `trans…
- CVE-2020-5267MEDIUMCVSS 4.0EG 4.0✓ Fixed in 6.0.2.22020-03-19
vulnerable: 6.0.0 ... 6.0.2.rc2 (7 versions)
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue …
- CVE-2020-8163HIGHCVSS 8.8EG 9.0✓ Fixed in 4.2.11.32020-07-02
vulnerable: 4.1.0 ... 4.2.9.rc2 (78 versions)
The is a code injection vulnerability in versions of Rails prior to 5.0.1 that wouldallow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.
- CVE-2020-8167MEDIUMCVSS 6.5EG 6.5✓ Fixed in 6.0.3.12020-06-19
vulnerable: 6.0.0 ... 6.0.3.rc1 (10 versions)
A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.
- CVE-2022-27777MEDIUMCVSS 6.1EG 6.1✓ Fixed in 7.0.2.42022-05-26
vulnerable: 7.0.0 ... 7.0.2.3 (6 versions)
A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.
- CVE-2023-23913MEDIUMCVSS 6.3EG 6.3✓ Fixed in 7.0.4.32025-01-09
vulnerable: 7.0.0 ... 7.0.4.2 (12 versions)
There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML c…
- CVE-2026-33168NONECVSS 0.0EG 0.0✓ Fixed in 7.2.3.12026-03-23
vulnerable: 4.1.0 ... 7.2.3 (286 versions)
Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a blank string is used as an HTML attribute name in Action View tag helpers, the attribute …
Check whether actionview is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for actionview CVEs against the assets you own.
Start Free Scan →