FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Rails -- Potential XSS vulnerability

Affected packages
rubygem-actionview52 < 5.2.4.4
rubygem-actionview60 < 6.0.3.3

Details

VuXML ID: 7b630362-f468-11ea-a96c-08002728f74c
Discovery: 2020-09-09
Entry: 2020-09-12

Ruby on Rails blog:

Rails 5.2.4.4 and 6.0.3.3 have been released! These releases contain an important security fix, so please upgrade when you can.

Both releases contain the following fix: [CVE-2020-15169] Potential XSS vulnerability in Action View

References

CVE Name: CVE-2020-15169
URL: https://github.com/rails/rails/blob/5-2-stable/actionview/CHANGELOG.md
URL: https://github.com/rails/rails/blob/6-0-stable/actionview/CHANGELOG.md
URL: https://groups.google.com/forum/#!topic/rubyonrails-security/b-C9kSGXYrc
URL: https://weblog.rubyonrails.org/2020/9/10/Rails-5-2-4-4-and-6-0-3-3-have-been-released/