exploitDog

CVE-2020-5267

Published: 19 Mar 2020
Source: redhat
CVSS3: 4.8
EPSS: Low

Description

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the j or escape_javascript methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.

A flaw was found in rubygem-actionview. Views that use the j or escape_javascript methods may be susceptible to XSS attacks with ActionView's JavaScript literal escape helpers. The highest threat from this vulnerability is to data confidentiality and integrity.

Statement

Red Hat CloudForms and Satellite ship the affected RubyGem actionview with these methods; however, they are not vulnerable, since none of them uses template strings enclosed in backtick characters. A future update may fix the affected RubyGem.

Affected packages

| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| CloudForms Management Engine 5 | cfme-amazon-smartstate | Will not fix | | |
| CloudForms Management Engine 5 | cfme-gemset | Will not fix | | |
| Red Hat Software Collections | rh-ror50-rubygem-actionview | Will not fix | | |
| Red Hat Satellite 6.8 for RHEL 7 | ansible-collection-redhat-satellite | Fixed | RHSA-2020:4366 | 27.10.2020 |
| Red Hat Satellite 6.8 for RHEL 7 | ansiblerole-foreman_scap_client | Fixed | RHSA-2020:4366 | 27.10.2020 |
| Red Hat Satellite 6.8 for RHEL 7 | ansiblerole-insights-client | Fixed | RHSA-2020:4366 | 27.10.2020 |
| Red Hat Satellite 6.8 for RHEL 7 | ansiblerole-satellite-receptor-installer | Fixed | RHSA-2020:4366 | 27.10.2020 |
| Red Hat Satellite 6.8 for RHEL 7 | ansible-runner | Fixed | RHSA-2020:4366 | 27.10.2020 |
| Red Hat Satellite 6.8 for RHEL 7 | candlepin | Fixed | RHSA-2020:4366 | 27.10.2020 |
| Red Hat Satellite 6.8 for RHEL 7 | createrepo_c | Fixed | RHSA-2020:4366 | 27.10.2020 |


Additional information

Status: Moderate
Weakness: CWE-79
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1831528
rubygem-actionview: views that use the `j` or `escape_javascript` methods are susceptible to XSS attacks

EPSS: 0.00887 (percentile: 75%, Low)

CVSS3: 4.8 Medium

Related vulnerabilities

ubuntu (CVSS3: 4), almost 6 years ago

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.

nvd (CVSS3: 4), almost 6 years ago

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.

debian (CVSS3: 4), almost 6 years ago

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible ...

suse-cvrf, more than 5 years ago

Security update for rubygem-actionview-5_1

suse-cvrf, almost 6 years ago

Security update for rubygem-actionview-5_1
