Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in view_component

High
camertron published GHSA-cm9w-c4rj-r2cf Mar 2, 2022

Package

bundler view_component (RubyGems)

Affected versions

>= 2.31.0, < 2.31.2
>= 2.32.0, < 2.49.1

Patched versions

2.31.2
2.49.1

Description

Impact

What kind of vulnerability is it? Who is impacted?

This is an XSS vulnerability that has the potential to impact anyone using translations with the view_component gem. Data received via user input and passed as an interpolation argument to the translate method is not properly sanitized before display.

Patches

Has the problem been patched? What versions should users upgrade to?

Versions 2.29.1 and 2.49.1 have been released and fully mitigate the vulnerability.

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading?

Avoid passing user input to the translate function, or sanitize the inputs before passing them.
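One way to apply the second workaround, as an added example that is not part of the advisory or of the view_component gem: HTML-escape every interpolation argument before it reaches the translate call. The `%{key}` interpolator below is a constructed stand-in for I18n's interpolation so the example runs without Rails.

```ruby
require "erb"

# Constructed stand-in for I18n's "%{key}" interpolation. It substitutes the
# argument verbatim, which is the behaviour the advisory describes: nothing
# escapes the value before it is displayed.
def interpolate(template, args)
  template.gsub(/%\{(\w+)\}/) { args.fetch(Regexp.last_match(1).to_sym) }
end

# Workaround: HTML-escape each interpolation argument so user-supplied markup
# is rendered as literal text instead of being injected into the page.
def escape_interpolation_args(args)
  args.transform_values { |v| ERB::Util.html_escape(v.to_s) }
end

# Wrapper to use instead of calling translate with raw user input.
def safe_translate(template, **args)
  interpolate(template, escape_interpolation_args(args))
end

if $PROGRAM_NAME == __FILE__
  template  = "Hello, %{name}!"              # constructed translation string
  untrusted = "<script>alert(1)</script>"   # constructed user input
  puts interpolate(template, name: untrusted)      # markup passes through unchanged
  puts safe_translate(template, name: untrusted)   # markup is escaped
end
```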

References

Are there any links users can visit to find out more?

For more information

If you have any questions or comments about this advisory:

Severity

High

CVE ID

CVE-2022-24722

Weaknesses