Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 847958 (CVE-2022-27777)

Summary: <dev-ruby/actionview-{5.2.7.1,6.0.4.8,6.1.5.1,7.0.2.4}: XSS in tag helpers
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: ruby
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534
Whiteboard: B4 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on: 848051    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-28 18:22:22 UTC
CVE-2022-27777:

A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.

Please stabilize 6.0.4.8 and cleanup remaining affected versons.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-30 22:30:00 UTC
Thanks! Only XSS, all done.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-30 22:30:39 UTC
Sorry, not quite done. Please cleanup remaining affected versions.
Comment 3 Hans de Graaff gentoo-dev Security 2022-07-25 08:35:38 UTC
Cleanup done.
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-07-25 19:19:18 UTC
Thanks! All done.