Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cross-site Scripting in view_component
Vulnerability Description
VIewComponent is a framework for building view components in Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone using translations with the view_component gem. Data received via user input and passed as an interpolation argument to the `translate` method is not properly sanitized before display. Versions 2.31.2 and 2.49.1 have been released and fully mitigate the vulnerability. As a workaround, avoid passing user input to the `translate` function, or sanitize the inputs before passing them.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
VIewComponent 跨站脚本漏洞
Vulnerability Description
VIewComponent是一个在 Ruby on Rails 中构建可重用、可测试和封装的视图组件的框架。 VIewComponent 存在跨站脚本漏洞,该漏洞通过用户输入接收并作为插值参数传递给translat方法的数据在显示之前未正确清理。
CVSS Information
N/A
Vulnerability Type
N/A