60 matches found
ViewComponent: Reused Component Instances Retain Stale Render Context
Reused Component Instances Retain Stale Render Context Summary ViewComponent::Base instances retain multiple render-scoped objects across calls to renderin. If the same component, collection, or spacer component instance is reused across requests, users, tenants, or threads, later renders can use...
ViewComponent: around_render HTML-Safety Bypass
Summary ViewComponent::Basearoundrender can return HTML-unsafe strings that bypass the escaping behavior applied to normal call return values. This creates an XSS risk when downstream applications use aroundrender to wrap, replace, instrument, or conditionally return content that includes...
PT-2026-60388
Name of the Vulnerable Software and Affected Versions view component versions 4.0.0 through 4.11.0 Description ViewComponent::Base instances retain render-scoped objects across calls to the render in function. If the same component, collection, or spacer component instance is reused across...
Access Control Bypass
Overview Affected versions of this package are vulnerable to Access Control Bypass in the renderin. An attacker can access sensitive information or perform unauthorized actions by exploiting stale render context, which may include helpers, controller, request, viewflow, format/variant details, an...
CVE-2026-11701
An insufficient validation of untrusted input flaw was found in the Guest View component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=516413817...
CVE-2026-11674
An use after free flaw was found in the Guest View component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=516910450...
Reused Component Instances Retain Stale Render Context
Summary ViewComponent::Base instances retain multiple render-scoped objects across calls to renderin. If the same component, collection, or spacer component instance is reused across requests, users, tenants, or threads, later renders can use stale helpers, controller, request, viewflow,...
around_render HTML-Safety Bypass
Summary ViewComponent::Basearoundrender can return HTML-unsafe strings that bypass the escaping behavior applied to normal call return values. This creates an XSS risk when downstream applications use aroundrender to wrap, replace, instrument, or conditionally return content that includes...
Linux Distros Unpatched Vulnerability : CVE-2026-44837
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint...
Linux Distros Unpatched Vulnerability : CVE-2026-44836
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives ...
CVE-2026-44837
viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...
DEBIAN-CVE-2026-44836
viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls it with publicsend. The code does not verify that the requested method is one of the preview...
DEBIAN-CVE-2026-44837
viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...
CVE-2026-44836
viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls it with publicsend. The code does not verify that the requested method is one of the preview...
CVE-2026-44837
viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...
UBUNTU-CVE-2026-44837
viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...
UBUNTU-CVE-2026-44836
viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls it with publicsend. The code does not verify that the requested method is one of the preview...
CVE-2026-44836
viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls it with publicsend. The code does not verify that the requested method is one of the preview...
CVE-2026-44836 view_component: Preview Route Can Dispatch Inherited Helper Methods
viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls it with publicsend. The code does not verify that the requested method is one of the preview...
CVE-2026-44836
viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls it with publicsend. The code does not verify that the requested method is one of the preview...