49 matches found
OPENSUSE-SU-2020:0627-1 Security update for rubygem-actionview-5_1
This update for rubygem-actionview-51 fixes the following issues: - CVE-2020-5267: Fixed an XSS vulnerability in ActionView's JavaScript literal escape helpers bsc1167240. This update was imported from the SUSE:SLE-15:Update update project...
SUSE-SU-2020:1178-1 Security update for rubygem-actionview-5_1
This update for rubygem-actionview-51 fixes the following issues: - CVE-2020-5267: Fixed an XSS vulnerability in ActionView's JavaScript literal escape helpers bsc1167240...
CVE-2020-5267
A flaw was found in rubygem-actionview. Views that use the j or escapejavascript methods may be susceptible to XSS attacks with ActionView's JavaScript literal escape helpers. The highest threat from this vulnerability is to data confidentiality and integrity...
SUSE-SU-2020:0954-1 Security update for rubygem-actionview-4_2
This update for rubygem-actionview-42 fixes the following issues: - CVE-2020-5267: Fixed an XSS vulnerability in ActionView bsc1167240...
CVE-2019-5418
A content disclosure flaw was found in rubygem-actionview. Specially crafted accept headers, in combination with calls to 'render file:', can cause arbitrary files on the target server to be rendered, disclosing the file contents. Code execution cannot be ruled out if the attacker is able to gain...
rubygem-actionpack: render file directory traversal in Action View
A content disclosure flaw was found in rubygem-actionview. Specially crafted accept headers, in combination with calls to 'render file:', can cause arbitrary files on the target server to be rendered, disclosing the file contents. Code execution cannot be ruled out if the attacker is able to gain...
rubygem-actionpack: render file directory traversal in Action View
A content disclosure flaw was found in rubygem-actionview. Specially crafted accept headers, in combination with calls to 'render file:', can cause arbitrary files on the target server to be rendered, disclosing the file contents. Code execution cannot be ruled out if the attacker is able to gain...
Fedora Update for rubygem-actionview FEDORA-2019-1cfe24db5c
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for rubygem-actionview FEDORA-2016-5760339e76
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
rubygem-actionview: cross-site scripting flaw in Action View
It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting XSS attack...
Fedora 24 : rubygem-actionview (2016-0d9890f7b5)
Fix for CVE-2016-6316 rhbz1366480 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...
Fedora 23 : rubygem-actionview (2016-ab8bf51cf3)
Fix for CVE-2016-6316 rhbz1366480 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...
Fedora Update for rubygem-actionview FEDORA-2016-ab8bf51cf3
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for rubygem-actionview FEDORA-2016-0d9890f7b5
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2016:0867-1 Security update for rubygem-actionview-4_2
This update for rubygem-actionview-42 fixes the following issues: - CVE-2016-2098: rubygem-actionpack: Possible remote code execution vulnerability in Action Pack bsc968849...
SUSE-SU-2016:0854-1 Security update for rubygem-actionview-4_1
This update for rubygem-actionview-41 fixes the following issues: - CVE-2016-2097: rubygem-actionview: Possible Information Leak Vulnerability in Action View. bsc968850 - CVE-2016-2098: rubygem-actionpack: Possible remote code execution vulnerability in Action Pack bsc968849...
Fedora 22 : rubygem-actionpack-4.2.0-4.fc22 / rubygem-actionview-4.2.0-5.fc22 (2016-3954061e32)
Fix rails-html-sanitizer v1.0.3 compatibility. Fix code injection vulnerability CVE-2016-2098. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...
Fedora Update for rubygem-actionview FEDORA-2016-3954061
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 23 : rubygem-actionpack-4.2.3-5.fc23 / rubygem-actionview-4.2.3-5.fc23 (2016-f6af14570f)
Fix rails-html-sanitizer v1.0.3 compatibility. Fix code injection vulnerability CVE-2016-2098. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...
[SECURITY] Fedora 22 Update: rubygem-actionview-4.2.0-5.fc22
Simple, battle-tested conventions and helpers for building web pages...