Rails Actionview vulnerabilities

13 known vulnerabilities affecting rails/actionview.

Total CVEs: 13
CISA KEV: 2 (actively exploited)
Public exploits: 3
Exploited in wild: 1
Severity breakdown: HIGH 5, MEDIUM 7, LOW 1

Vulnerabilities

CVE-2026-33168 | Severity: LOW | CVSS 2.3 | CWE-79 | Published 2026-03-23
Affected: >= 8.1.0.beta1, < 8.1.2.1; >= 8.0.0.beta1, < 8.0.4.1; +1 more
Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefully crafted attribute value could then be misinterpreted by t…
Sources: cvelistv5, ghsa, nvd, osv
CVE-2023-23913 | Severity: MEDIUM | CVSS 6.3 | CWE-79 | Published 2023-06-09
Affected: >= 5.1.0, < 6.1.7.3; >= 7.0.0, < 7.0.4.3
rails-ujs vulnerable to DOM Based Cross-site Scripting contenteditable HTML Elements. NOTE: rails-ujs is part of Rails/actionview since 5.1.0. There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML co…
Sources: ghsa, osv
CVE-2022-27777 | Severity: MEDIUM | CVSS 6.1 | CWE-79 | Published 2022-04-27
Affected: >= 0, < 5.2.7.1; >= 6.0.0, < 6.0.4.8; +2 more
XSS Vulnerability in Action View tag helpers. There is a possible XSS vulnerability in Action View tag helpers. Passing untrusted input as hash keys can lead to a possible XSS vulnerability. This vulnerability has been assigned the CVE identifier CVE-2022-27777. Versions Affected: ALL. Not affected: NONE. Fixed Versions: 7.0.2.4, 6.1.5.1, 6.0.4.8, 5.2.7.1. Impact: If untrusted data is passed as the hash key for tag att…
Sources: ghsa, osv
CVE-2020-15169 | Severity: MEDIUM | CVSS 6.1 | CWE-79 | Published 2020-09-11
Affected: fixed in 5.2.4.4; >= 6.0.0.0, < 6.0.3.3
In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a miss…
Sources: cvelistv5, ghsa, nvd, osv
CVE-2020-8163 | Severity: HIGH | PoC available | CWE-94 | Published 2020-07-07
Affected: >= 0, < 4.2.11.3
Remote code execution via user-provided local names in ActionView. There is a code injection vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the `locals` argument of a `render` call to perform RCE.
Sources: ghsa, osv
CVE-2020-8167 | Severity: MEDIUM | CVSS 5.0 | CWE-352 | Published 2020-07-07
Affected: >= 5.0.0, < 5.2.4.3; >= 6.0.0, < 6.0.3.1
CSRF Vulnerability in rails-ujs. There is a vulnerability in rails-ujs that allows attackers to send CSRF tokens to wrong domains. Versions Affected: rails = 5.2.4.3, rails >= 6.0.3.1. Impact: This is a regression of CVE-2015-1840. In the scenario where an attacker might be able to control the href attribute of an anchor tag or the action attribute of a form tag that will trigger a POST action, the attacker can set the href or acti…
Sources: ghsa, osv
CVE-2020-5267 | Severity: MEDIUM | CVSS 4.8 | CWE-80 | Published 2020-03-19
Affected: fixed in 5.2.4.2; >= 6.0.0, < 6.0.2.2
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.
Sources: cvelistv5, ghsa, nvd, osv
CVE-2019-5419 | Severity: HIGH | CWE-400 | Published 2019-03-13
Affected: >= 4.0.0, < 4.2.11.1; >= 5.2.0, < 5.2.2.1; +3 more
Denial of Service Vulnerability in Action View. Impact: Specially crafted accept headers can cause the Action View template location code to consume 100% CPU, leaving the server unable to process requests. This impacts all Rails applications that render views. All users running an affected release should either upgrade or use one of the workarounds immediately. Releases…
Sources: ghsa, osv
CVE-2019-5418 | Severity: HIGH | CISA KEV | PoC available | CWE-22 | Published 2019-03-13
Affected: >= 5.2.0, < 5.2.2.1; >= 4.0.0, < 4.2.11.1; +2 more
Path Traversal in Action View (advisory title: File Content Disclosure in Action View). Impact: There is a possible file content disclosure vulnerability in Action View. Specially crafted accept headers in combination with calls to `render file:` can cause arbitrary files on the target server to be rendered, disclosing the file contents. The impact is limited to calls to `render` which render file contents without a specified accept format. Impacted cod…
Sources: ghsa, osv
CVE-2016-0752 | Severity: HIGH | CVSS 7.5 | CISA KEV | PoC available | Published 2018-08-13
Affected: >= 3.2.0, < 3.2.22.2; >= 4.0.0, < 4.1.14.2
Moderate severity vulnerability that affects actionview. Withdrawn, accidental duplicate publish. Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists because of an incomplete…
Sources: ghsa, osv
CVE-2016-2097 | Severity: HIGH | CVSS 7.5 | CWE-22 | Published 2017-10-24
Affected: >= 3.0.0, < 3.2.22.2; >= 4.0.0, < 4.1.14.2
actionview contains Path Traversal vulnerability. There is a possible directory traversal and information leak vulnerability in Action View. This was meant to be fixed on CVE-2016-0752. However the 3.2 patch was not covering all possible scenarios. This vulnerability has been assigned the CVE identifier CVE-2016-2097. Versions Affected: 3.2.x, 4.0.x, 4.1.x. Not affected: 4.2+. Fixed Versions: 3.2.22.2, 4.1.14.2. Impact: A…
Sources: ghsa, osv
CVE-2011-0446 | Severity: MEDIUM | CWE-79 | Published 2017-10-24
Affected: >= 0, < 2.3.11; >= 3.0.0, < 3.0.4
Rails actionpack gem vulnerable to Cross-site Scripting. Multiple cross-site scripting (XSS) vulnerabilities in the `mail_to` helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value.
Sources: ghsa, osv
CVE-2016-6316 | Severity: MEDIUM | CWE-79 | Published 2017-10-24
Affected: >= 3.0.0, < 3.2.22.3; >= 4.0.0, < 4.2.7.1; +1 more
actionview Cross-site Scripting vulnerability. Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers.
Sources: ghsa, osv