CVE-2022-3704

LOW 3.5

Ruby on Rails _table.html.erb cross site scripting

CVSS Score

3.5

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The real existence of this vulnerability is still doubted at the moment. The name of the patch is be177e4566747b73ff63fd5f529fab564e475ed4. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212319. NOTE: Maintainer declares that there isn’t a valid attack vector. The issue was wrongly reported as a security vulnerability by a non-member of the Rails team.

CWE	CWE-707
Vendor	unspecified
Product	ruby on rails
Published	Oct 26, 2022
Last Updated	Aug 3, 2024

Stay Ahead of the Next One

Get instant alerts for unspecified ruby on rails

Be the first to know when new low vulnerabilities affecting unspecified ruby on rails are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Affected Versions

unspecified / Ruby on Rails

n/a

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/rails/rails/issues/46244 github.com: https://github.com/rails/rails/commit/be177e4566747b73ff63fd5f529fab564e475ed4 vuldb.com: https://vuldb.com/?id.212319