CVE-2020-15169
CVE-2020-15169 affects Rails Action View translation helpers. Vulnerability arises when user-controlled default for a missing translation key named html or ending in _html is treated as HTML-safe, allowing XSS. Affected are Action View versions prior to 5.2.4.4 and 6.0.3.3; patch versions 5.2.4.4...