Viewcomponent
cpe:2.3:a:github:viewcomponent:*:*:*:*:*:ruby_on_rails:*:*
part: a version: * update: *
| Vendor | Github (b5027ca2-9bb9-532e-8779-8399b14c3e3b) |
|---|---|
| Product | Viewcomponent (0581ed42-62d4-55a5-abe1-aa7d7bb7cb5c) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | ruby_on_rails |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | | |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2022-24722 | vulnerable | 2026-06-03 14:46:31.033031 | Cross-site Scripting in view_component. HIGH (8.1). ViewComponent is a framework for building view components in Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone using translations with the view_component gem. Data received via user input and passed as an interpolation argument to the `translate` method is not properly sanitized before display. Versions 2.31.2 and 2.49.1 have been released and fully mitigate the vulnerability. As a workaround, avoid passing user input to the `translate` function, or sanitize the inputs before passing them. Published: 2022-03-02T22:40:11.000Z. Updated: 2025-04-23T18:59:13.837Z | Imported from gcve-enriched-dumps CVE data |