摘要:
Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in _html , a :default key which contains untrusted user input, and the resulting string is used in a view, may be susceptible to an XSS vulnerability. The vulnerability is fixed in 7.1.3.1 and 7.0.8.1.
安全等级: Low
公告ID: KylinSec-SA-2024-2207
发布日期: 2024年5月27日
关联CVE: CVE-2024-26143
Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in _html , a :default key which contains untrusted user input, and the resulting string is used in a view, may be susceptible to an XSS vulnerability. The vulnerability is fixed in 7.1.3.1 and 7.0.8.1.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2024-26143 | KY3.4-4A | rubygem-actionpack | Unaffected |
| CVE-2024-26143 | KY3.4-5 | rubygem-actionpack | Unaffected |
| CVE-2024-26143 | KY3.5.1 | rubygem-actionpack | Unaffected |
| CVE-2024-26143 | KY3.5.2 | rubygem-actionpack | Unaffected |
