Actionview Ruby on Rails Actionview

stack.watch can notify you when security vulnerabilities are reported in Ruby on Rails Actionview. You can add multiple products that you use with Actionview to create your own personal software stack watcher.

By the Year

In 2020 there has been 1 vulnerability in Ruby on Rails Actionview, with an average score of 4.8 out of ten. Last year Actionview had 0 security vulnerabilities published. That is, 1 more vulnerability has already been reported in 2020 than in all of last year.

| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2020 | 1               | 4.80          |
| 2019 | 0               | 0.00          |
| 2018 | 0               | 0.00          |

It may take a day or so for new Actionview vulnerabilities to show up. Additionally, vulnerabilities may be tagged under a different product or component name.

Latest Ruby on Rails Actionview Security Vulnerabilities

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers

CVE-2020-5267 4.8 - Medium - March 19, 2020

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.

CVE-2020-5267 can be exploited with network access, and requires user interaction and user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.7 out of four. An exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

XSS