OESA-2024-1774 rubygem-actionview security update

Simple, battle-tested conventions and helpers for building web pages. Security Fixes: A flaw was found in Rails. rails-ujs may allow an attacker to perform Cross-Site Scripting XSS, which could lead to stolen information, phishing attacks, and other types of attacks.CVE-2023-23913...

Directory Traversal And Information Disclosure

actionview gem is vulnerable to directory traversal and information disclosure. This vulnerability affects applications which pass user input directly into the 'render' method in an action view controller without verification. Using this vulnerability, attackers can render files from outside the...