text_helpers is vulnerable to reverse tabnabbing. The vulnerability exists in multiple functions in translation.rb
due to lack of proper regular expression which allows an attacker to use web links to untrusted targets with window.opener
access.
github.com/advisories/GHSA-74hc-57m5-83ch
github.com/ahorner/text-helpers/commit/184b60ded0e43c985788582aca2d1e746f9405a3
github.com/ahorner/text-helpers/pull/19
github.com/ahorner/text-helpers/releases/tag/v1.1.0
github.com/rubysec/ruby-advisory-db/blob/master/gems/text_helpers/CVE-2020-36624.yml
vuldb.com/?id.216520