XSS in Rails Actionview
CVE-2020-5267
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue…
EPSS: 0.009 (75.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.0 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N.
Affected products
- Rails Actionview — versions < 5.2.4.2, >= 6.0.0, < 6.0.2.2
Weakness classification (CWE)
Public proof-of-concept exploits
References
- github.com/rails/rails/security/advisories/GHSA-65cv-r6x7-79hv (x_refsource_CONFIRM)
- github.com/rails/rails/commit/033a738817abd6e446e1b320cb7d1a5c15224e9a (x_refsource_MISC)
- [oss-security] 20200319 [CVE-2020-5267] Possible XSS vulnerability in ActionView (mailing-list, x_refsource_MLIST)
- [debian-lts-announce] 20200320 [SECURITY] [DLA 2149-1] rails security update (mailing-list, x_refsource_MLIST)
- openSUSE-SU-2020:0627 (vendor-advisory, x_refsource_SUSE)
- FEDORA-2020-4dd34860a3 (vendor-advisory, x_refsource_FEDORA)
Frequently asked questions
- What is CVE-2020-5267?
- CVE-2020-5267 is a medium-severity vulnerability in Rails Actionview, classified under Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS). CVSS score: 4.0/10. Published 2020-03-19.
- How severe is CVE-2020-5267?
- Medium severity. CVSS v3 base score is 4.0 out of 10.
- Is CVE-2020-5267 known to be exploited?
- 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.