CVE-2022-24722

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-24722

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24722.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-24722

Aliases

GHSA-cm9w-c4rj-r2cf

Withdrawn

2024-05-15T05:33:29.433948Z

Published

2022-03-02T23:15:09Z

Modified

2023-11-29T09:28:54.089370Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

VIewComponent is a framework for building view components in Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone using translations with the view_component gem. Data received via user input and passed as an interpolation argument to the translate method is not properly sanitized before display. Versions 2.31.2 and 2.49.1 have been released and fully mitigate the vulnerability. As a workaround, avoid passing user input to the translate function, or sanitize the inputs before passing them.

References

Affected packages

Git / github.com/ViewComponent/view_component

Affected ranges

Type: GIT
Repo: https://github.com/ViewComponent/view_component
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3f82a6e62578ff6f361aba24a1feb2caccf83ff9

Type: GIT
Repo: https://github.com/github/view_component
Events: Introduced

b436bd26989a82ced092f72e203e62dc9d8f1dbd

Fixed

b8a5f4a97f78d60293f57aa12765a0f0007247d4

Introduced

73051f692acfcbe8f3535ef4952e1c1df2d86887

Affected versions

2.*

2.23.0

v1.*

v1.0.0

v1.0.1

v1.1

v1.1.0

v1.10.0

v1.11.0

v1.11.1

v1.12.0

v1.13.0

v1.14.0

v1.14.1

v1.15.0

v1.16.0

v1.17.0

v1.2.0

v1.2.1

v1.3.0

v1.3.1

v1.3.2

v1.3.3

v1.3.4

v1.3.5

v1.3.6

v1.4.0

v1.5.0

v1.5.1

v1.5.2

v1.5.3

v1.6.0

v1.6.1

v1.6.2

v1.7.0

v1.8.0

v1.8.1

v1.9.0

v2.*

v2.0.0

v2.1.0

v2.10.0

v2.11.0

v2.11.1

v2.12.0

v2.13.0

v2.14.0

v2.14.1

v2.15.0

v2.16.0

v2.17.0

v2.17.1

v2.18.0

v2.18.1

v2.18.2

v2.19.0

v2.19.1

v2.2.0

v2.2.1

v2.2.2

v2.20.0

v2.21.0

v2.22.0

v2.22.1

v2.23.1

v2.23.2

v2.24.0

v2.25.0

v2.25.1

v2.26.0

v2.26.1

v2.27.0

v2.28.0

v2.29.0

v2.3.0

v2.30.0

v2.31.0

v2.31.1

v2.32.0

v2.33.0

v2.34.0

v2.35.0

v2.36.0

v2.37.0

v2.38.0

v2.39.0

v2.4.0

v2.40.0

v2.41.0

v2.42.0

v2.43.0

v2.43.1

v2.44.0

v2.45.0

v2.46.0

v2.47.0

v2.48.0

v2.49.0

v2.5.0

v2.5.1

v2.6.0

v2.7.0

v2.8.0

v2.9.0