CVSSv3: 4.8

CVE-2020-5267

Published: 19/03/2020 Updated: 07/11/2023
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 4.8 | Impact Score: 2.7 | Exploitability Score: 1.7
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

In ActionView prior to 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.


Affected products:

- rubyonrails actionview
- debian debian linux 8.0
- fedoraproject fedora 33
- opensuse leap 15.1

Vendor Advisories

Synopsis: Important: Satellite 6.8 release. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat Satellite 6.8 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which giv ...

Debian Bug report logs - #954304 rails: CVE-2020-5267: Possible XSS vulnerability in ActionView. Package: src:rails; Maintainer for src:rails is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 19 Mar 2020 21:15:01 UTC ...

Mailing Lists

oss-sec mailing list archives: [CVE-2020-5267] Possible XSS vulnerability in ActionView. From: Aaron Pa ...

Github Repositories

Patch CVE-2020-5267 for Rails 4 and Rails 3

legacy-rails-CVE-2020-5267-patch: A patch for CVE-2020-5267 for Rails 4 and Rails 3. Upgrading Rails would definitely be better, but in the meantime, if you're stuck on older versions of Rails, this provides the monkey patch noted in the security advisory, packaged and tested as a gem. Installation: add this line to your application's Gemfile: gem 'legacy-rails-CVE-

Run code quality and security audit report with one command

CodeQuality (code_quality): Run code quality and security audit report with one command. Principle: If you can't measure it, you can't improve it. Installation: gem install code_quality, or add this line to your application's Gemfile: group :development do gem 'code_quality' end