CVSS2: 4.3 Medium

| Metric | Value |
|---|---|
| Access Vector | NETWORK |
| Access Complexity | MEDIUM |
| Authentication | NONE |
| Confidentiality Impact | NONE |
| Integrity Impact | PARTIAL |
| Availability Impact | NONE |

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS: 0.003 Low (Percentile: 69.0%)

The helper method for i18n translations has a convention whereby translation strings with a name ending in ‘html’ are considered HTML safe. There is also a mechanism for interpolation. It has been discovered that arbitrary values can be passed as interpolated input to these ‘html’ strings, and these values are not escaped.
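
The behaviour described above, modelled in plain Ruby as an added example (not Action Pack's own code). The translation table, the `SafeString` marker and the `translate_unescaped`, `translate_escaped` and `render` helpers are hypothetical stand-ins, and the sample input is constructed; the block contrasts interpolation into an ‘html’ string with and without escaping of the interpolated values.

```ruby
require 'erb'

# Constructed translation table; keys and strings are hypothetical.
TRANSLATIONS = {
  'welcome.greeting_html' => '<b>Welcome, %{name}!</b>',
  'welcome.greeting'      => 'Welcome, %{name}!'
}.freeze

# Stand-in for a string the view layer trusts as already HTML safe.
class SafeString < String; end

# Convention from the advisory: names ending in 'html' are HTML safe.
def html_key?(key)
  key.to_s.end_with?('html')
end

# Substitute %{name} placeholders with the supplied values.
def interpolate(template, values)
  template.gsub(/%\{(\w+)\}/) { values.fetch(Regexp.last_match(1).to_sym).to_s }
end

# Affected behaviour: the result of an 'html' key is marked safe even
# though the interpolated values were inserted without escaping.
def translate_unescaped(key, values = {})
  text = interpolate(TRANSLATIONS.fetch(key), values)
  html_key?(key) ? SafeString.new(text) : text
end

# Hardened variant: escape every interpolated value that is not already
# marked safe before it is placed into an 'html' string.
def translate_escaped(key, values = {})
  template = TRANSLATIONS.fetch(key)
  return interpolate(template, values) unless html_key?(key)

  escaped = values.transform_values do |v|
    v.is_a?(SafeString) ? v : ERB::Util.html_escape(v.to_s)
  end
  SafeString.new(interpolate(template, escaped))
end

# View output: escape everything except strings marked safe.
def render(value)
  value.is_a?(SafeString) ? value.to_s : ERB::Util.html_escape(value)
end

INPUT = '<script>alert(1)</script>' # constructed sample value
puts render(translate_unescaped('welcome.greeting_html', name: INPUT))
puts render(translate_escaped('welcome.greeting_html', name: INPUT))
```

The non-‘html’ key is unaffected in this model because the view escapes the whole string on output; only the ‘html’ path skips that step.
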

| CPE / Name | Operator | Version |
|---|---|---|
| gem/actionpack | ge | 3.0.0.alpha0 |
| gem/actionpack | lt | 3.0.11 |
| gem/actionpack | ge | 3.1.0.alpha0 |
| gem/actionpack | lt | 3.1.2 |