2 matches found
CVE-2024-21636
viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. Versions prior to 3.9.0 and 2.83.0 have a cross-site scripting vulnerability that has the potential to impact anyone rendering a component directly from a controller with the...
CVE-2024-21636
CVE-2024-21636 affects the ViewComponent framework for Ruby on Rails. Versions prior to 3.9.0 and 2.83.0 allow cross-site scripting when a component defines a #call method and returns unescaped content, and when #output_postamble also returns unescaped content. The vulnerability applies to render...