Lucene search

K
osvGoogleOSV:GHSA-9CHR-4FJH-5RGW
HistoryOct 27, 2022 - 12:00 p.m.

Cross-site Scripting in actionpack

2022-10-2712:00:27
Google
osv.dev
10

0.001 Low

EPSS

Percentile

21.8%

actionpack from the Ruby on Rails project is vulnerable to Cross-site Scripting in the Route Error Page. This issue has been patched with this commit.

This vulnerability is disputed by the Rails security team. It requires that the developer is tricked into copy pasting a malicious javascript-containing string into a development-only error page accessible only via localhost.

0.001 Low

EPSS

Percentile

21.8%