FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Rails -- XSS vulnerabilities

Affected packages
rubygem-actionpack52 < 5.2.7.1
rubygem-actionpack60 < 6.0.4.8
rubygem-actionpack61 < 6.1.5.1
rubygem-actionpack70 < 7.0.2.4
rubygem-actionview52 < 5.2.7.1
rubygem-actionview60 < 6.0.4.8
rubygem-actionview61 < 6.1.5.1
rubygem-actionview70 < 7.0.2.4
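The list above gives one fixed release per Rails series, so "is my install affected" comes down to comparing the installed actionpack/actionview version against the fix for its own MAJOR.MINOR series. The Ruby below is an added example written for this page, not code from the VuXML entry or from the Rails project; the FIXED_VERSIONS table is constructed from the affected-package list above, and it assumes the rubygem-actionpack*/rubygem-actionview* ports register as ordinary gems named actionpack and actionview in the Ruby environment it runs in.

```ruby
require "rubygems"

# Fixed releases per Rails series, constructed from the "Affected packages" list
# in this advisory. A gem is affected when its version is below the fix for the
# series it belongs to (e.g. 6.1.4.7 is compared against 6.1.5.1, not 7.0.2.4).
FIXED_VERSIONS = {
  "5.2" => Gem::Version.new("5.2.7.1"),
  "6.0" => Gem::Version.new("6.0.4.8"),
  "6.1" => Gem::Version.new("6.1.5.1"),
  "7.0" => Gem::Version.new("7.0.2.4"),
}.freeze

# The two gems the advisory tracks.
TRACKED_GEMS = %w[actionpack actionview].freeze

# "MAJOR.MINOR" series of a Gem::Version, e.g. "6.1" for 6.1.4.7.
def series_of(version)
  version.segments.first(2).join(".")
end

# True when version_string of gem_name falls inside an affected range above.
# Gems the advisory does not list, and series it does not list (e.g. 7.1),
# return false: the page makes no claim about them, so neither does this check.
def affected?(gem_name, version_string)
  return false unless TRACKED_GEMS.include?(gem_name)

  version = Gem::Version.new(version_string)
  fix = FIXED_VERSIONS[series_of(version)]
  return false if fix.nil?

  version < fix
end

# Scans the gems installed in the current Ruby environment (assumption: the
# FreeBSD rubygem-* ports show up here under their upstream gem names) and
# returns the affected ones as [name, version, fixed_version] triples.
def installed_affected
  Gem::Specification
    .select { |spec| TRACKED_GEMS.include?(spec.name) }
    .select { |spec| affected?(spec.name, spec.version.to_s) }
    .map { |spec| [spec.name, spec.version.to_s, FIXED_VERSIONS[series_of(spec.version)].to_s] }
end

if __FILE__ == $PROGRAM_NAME
  hits = installed_affected
  if hits.empty?
    puts "no affected actionpack/actionview gems installed"
  else
    hits.each { |name, ver, fix| puts "#{name} #{ver} is affected; upgrade to #{fix}" }
  end
end
```

Gem::Version does the comparison, so four-segment releases such as 6.0.4.8 and shorter ones such as 6.0.4 compare correctly without any string handling; the only logic added here is picking the right series to compare against.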

Details

VuXML ID 9db93f3d-c725-11ec-9618-000d3ac47524
Discovery 2022-04-26
Entry 2022-04-30

Ruby on Rails blog:

This is an announcement to let you know that Rails 7.0.2.4, 6.1.5.1, 6.0.4.8, and 5.2.7.1 have been released!

These are security releases so please update as soon as you can. Once again we've made these releases based on the last release tag, so hopefully upgrading will go smoothly.

The releases address two vulnerabilities, CVE-2022-22577 and CVE-2022-27777. They are both XSS vulnerabilities, so please take a look at the forum posts to see how (or if) they might possibly impact your application.

References

CVE Name CVE-2022-22577
CVE Name CVE-2022-27777
URL https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released