ALT-PU-2020-3435-2

Package update gem-rails in branch sisyphus

Version5.2.4.4-alt1

Published2026-02-04

Max severityMEDIUM

Severity:

Closed issues (3)

MEDIUM6.1

Уязвимость функции translate из translation_helper.rb программной платформы Ruby on Rails, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю оказать воздействие на целостность данных

Published: 2021-07-13Modified: 2025-07-02

CVSS 3.xMEDIUM 6.1

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N

References

CVE-2020-15169

MEDIUM6.1

In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped. This is patched in versions 6.0.3.3 and 5.2.4.4. A workaround without upgrading is proposed in the source advisory.

Published: 2020-09-11Modified: 2024-11-21

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS 3.xMEDIUM 6.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References

GHSA-cfjv-5498-mph5

MEDIUM5.4

XSS in Action View

Published: 2020-09-11Modified: 2023-05-04

CVSS 3.xMEDIUM 5.4

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

References