CVSS v3.x: 8.1 (High)
- < 2.31.0
- >= 2.49.1
- ~> 2.31.2
This is an XSS vulnerability that has the potential to impact anyone using
translations with the view_component gem. Data received via user input and
passed as an interpolation argument to the translate method is not properly
sanitized before display.
Versions 2.31.2 and 2.49.1 have been released and fully mitigate the vulnerability.
Avoid passing user input to the translate function, or sanitize the inputs
before passing them.
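
The sanitizing workaround, sketched as an added example (not code from the advisory or from view_component). The translation table, unsafe_translate, escape_interpolations and render_greeting are hypothetical stand-ins that model a translate helper inserting interpolation values without escaping; the sample input is constructed.

```ruby
require "erb"

# Constructed translation table; the key and text are illustrative only.
TRANSLATIONS = {
  "greeting_html" => "<p>Hello, <strong>%{name}</strong>!</p>"
}.freeze

# Hypothetical stand-in for a translate helper that inserts interpolation
# values into the translated string without escaping them. It models the
# behaviour the advisory describes; it is not view_component's code.
def unsafe_translate(key, **args)
  TRANSLATIONS.fetch(key).gsub(/%\{(\w+)\}/) { args.fetch($1.to_sym).to_s }
end

# Workaround from the advisory: HTML-escape every interpolation value that
# may carry user input before it reaches translate.
def escape_interpolations(args)
  args.transform_values { |value| ERB::Util.html_escape(value.to_s) }
end

# Call site with the workaround applied.
def render_greeting(user_supplied_name)
  safe_args = escape_interpolations(name: user_supplied_name)
  unsafe_translate("greeting_html", **safe_args)
end

# Constructed sample input standing in for a request parameter.
SAMPLE_INPUT = %(<img src=x onerror="alert(1)">)

if __FILE__ == $PROGRAM_NAME
  # Without escaping, the markup from the input reaches the page intact.
  puts unsafe_translate("greeting_html", name: SAMPLE_INPUT)
  # With escaping, the same input is rendered as inert text.
  puts render_greeting(SAMPLE_INPUT)
end
```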