GEM
view_component
SEVERITY
CVSS v3.x: 8.1 (High)
UNAFFECTED VERSIONS
- < 2.31.0
PATCHED VERSIONS
- >= 2.49.1
- ~> 2.31.2
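The version ranges above use RubyGems requirement syntax, and the pessimistic `~> 2.31.2` range is easy to misread: it covers 2.31.2 up to but not including 2.32.0, so 2.32.0 through 2.49.0 remain affected. The following check is an added example, not part of the advisory or the gem; it classifies a version string against the ranges listed above and, as a convenience, pulls the pinned version out of a Gemfile.lock. The lockfile text, `view_component_status` and `locked_view_component_version` are constructed for this illustration.

```ruby
require "rubygems"

# Version ranges copied from the advisory, in RubyGems requirement syntax.
UNAFFECTED = Gem::Requirement.new("< 2.31.0")
PATCHED    = [Gem::Requirement.new(">= 2.49.1"), Gem::Requirement.new("~> 2.31.2")]

# Classify an installed view_component version against the advisory.
# Returns :unaffected, :patched or :vulnerable.
def view_component_status(version_string)
  version = Gem::Version.new(version_string)
  return :unaffected if UNAFFECTED.satisfied_by?(version)
  return :patched if PATCHED.any? { |req| req.satisfied_by?(version) }
  :vulnerable
end

# Read the resolved version from Gemfile.lock text. In the specs section the
# gem's own line is indented by exactly four spaces ("    view_component (2.32.0)");
# the two-space DEPENDENCIES entry and six-space transitive entries are skipped.
# Returns nil when the gem is not listed.
def locked_view_component_version(lockfile_text)
  match = lockfile_text.match(/^ {4}view_component \(([^)]+)\)$/)
  match && match[1]
end

# Constructed lockfile fragment for the illustration (not from a real project).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionview (6.1.3.2)
      view_component (2.32.0)
        activesupport (>= 5.0.0, < 7.0)

  DEPENDENCIES
    view_component (~> 2.31)
LOCK

if __FILE__ == $PROGRAM_NAME
  %w[2.30.0 2.31.1 2.31.2 2.32.0 2.49.0 2.49.1].each do |v|
    puts "#{v}: #{view_component_status(v)}"
  end
  puts "Gemfile.lock pins #{locked_view_component_version(SAMPLE_LOCKFILE)}"
end
```

Run it against your own lockfile by reading the file into `locked_view_component_version`; a result of `:vulnerable` for a version between 2.32.0 and 2.49.0 is the case people most often miss when they only glance at the `~>` line.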
DESCRIPTION
This is a cross-site scripting (XSS) vulnerability that can affect anyone using
translations with the view_component gem. Data received from user input and
passed as an interpolation argument to the component's translate method is not
properly escaped before being rendered, so an attacker-controlled value can
inject markup into the page.
Versions 2.31.2 and 2.49.1 have been released and fully mitigate the vulnerability;
upgrade to one of them. As a workaround until you can upgrade, avoid passing user
input to translate, or HTML-escape the inputs before passing them as interpolation
arguments.
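The workaround above, as an added example that is not the gem's own code: a minimal stand-in for a translate method that interpolates arguments into an HTML-bearing translation, shown first with the arguments substituted verbatim and then with them HTML-escaped before the call. The translation table, `translate_unescaped`, `escape_interpolation_args`, `translate_escaped` and the payload string are all constructed for this illustration and do not reproduce view_component's implementation.

```ruby
require "erb"

# Constructed translation table standing in for an I18n backend. The "_html"
# suffix follows the Rails convention that the translation itself is trusted
# markup and will be rendered without further escaping.
TRANSLATIONS = {
  "greeting_html" => "<strong>Hello, %{name}!</strong>",
}.freeze

# Hypothetical translate that substitutes %{...} arguments verbatim. If the
# result is then rendered as trusted HTML, an attacker-controlled argument
# lands in the page unescaped. This illustrates the bug class described in
# the advisory; it is not the gem's code.
def translate_unescaped(key, **args)
  template = TRANSLATIONS.fetch(key)
  template.gsub(/%\{(\w+)\}/) { args.fetch(Regexp.last_match(1).to_sym).to_s }
end

# Workaround from the advisory: HTML-escape every interpolation argument before
# it reaches translate. ERB::Util.html_escape is Ruby's standard escaper and
# rewrites & < > " ' as entities. Escaping everything is the conservative
# choice; values that are genuinely meant to carry markup would need separate,
# deliberate handling.
def escape_interpolation_args(args)
  args.transform_values { |value| ERB::Util.html_escape(value.to_s) }
end

# Same call with the arguments escaped first: the markup in the translation
# survives, only the user-controlled value is neutralised.
def translate_escaped(key, **args)
  translate_unescaped(key, **escape_interpolation_args(args))
end

# Constructed user input carrying a script tag.
USER_NAME = "<script>alert(1)</script>"

if __FILE__ == $PROGRAM_NAME
  puts translate_unescaped("greeting_html", name: USER_NAME)
  puts translate_escaped("greeting_html", name: USER_NAME)
end
```

In a real component the escaping belongs at the call site, on each value that originated from params, cookies, headers or the database, before it is handed to translate as an interpolation argument; upgrading to a patched version remains the actual fix.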