View Component
Approved changes feed: RSS · Atom
cpe:2.3:a:github:view_component:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Github (b5027ca2-9bb9-532e-8779-8399b14c3e3b) |
|---|---|
| Product | View Component (ccb6e0c6-9d5b-550e-9ed5-c526e2d06492) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-24722 |
vulnerable | 2026-06-03 14:46:31.031687 |
Cross-site Scripting in view_component
HIGH (8.1)
VIewComponent is a framework for building view components in Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone using translations with the view_component gem. Data received via user input and passed as an interpolation argument to the `translate` method is not properly sanitized before display. Versions 2.31.2 and 2.49.1 have been released and fully mitigate the vulnerability. As a workaround, avoid passing user input to the `translate` function, or sanitize the inputs before passing them.
Published: 2022-03-02T22:40:11.000Z
Updated: 2025-04-23T18:59:13.837Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.