Bugzilla – Bug 1176421
VUL-0: CVE-2020-15169: rubygem-actionview-4_2,rubygem-actionview-5_1: rubygem-activeview: Cross-site scripting in translation helpers
Last modified: 2022-09-28 16:39:29 UTC
A flaw was found in rubygem-actionview before versions 126.96.36.199 and 188.8.131.52. When an HTML-unsafe string is passed as the default for a missing translation key, the default string is incorrectly marked as HTML-safe and not escaped.
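The flaw described above, shown as an added example that is not part of this bug report and is not ActionView code. It is a simplified model: `SafeString`, `render`, `translate_flawed`, `translate_fixed`, `escaped_default`, the catalog and the input string are all hypothetical names and constructed values.

```ruby
require "erb"

# Simplified model of HTML-safe marking (an assumption for illustration, not
# ActionView code): a SafeString is written to the page as-is, any other
# String is HTML-escaped on output.
class SafeString < String; end

def render(value)
  value.is_a?(SafeString) ? String.new(value) : ERB::Util.html_escape(value)
end

# Constructed translation catalog, written by the developers and trusted.
CATALOG = { "welcome.title" => "<b>Welcome</b>" }.freeze

# Constructed untrusted input, e.g. a request parameter used as the default.
UNTRUSTED = "<script>alert(1)</script>"

# Flawed behaviour described in the report: whatever the lookup returns is
# marked HTML-safe, including a caller-supplied default for a missing key.
def translate_flawed(key, default:)
  SafeString.new(CATALOG.fetch(key, default))
end

# Corrected behaviour in this model: only catalog text is marked HTML-safe;
# a default is returned exactly as passed in, so an unmarked String is
# escaped by render.
def translate_fixed(key, default:)
  CATALOG.key?(key) ? SafeString.new(CATALOG[key]) : default
end

# Mitigation for callers still on the flawed lookup: escape the default
# before passing it in.
def escaped_default(text)
  ERB::Util.html_escape(text)
end

if __FILE__ == $PROGRAM_NAME
  puts render(translate_flawed("missing.key", default: UNTRUSTED))
  puts render(translate_fixed("missing.key", default: UNTRUSTED))
  puts render(translate_flawed("missing.key", default: escaped_default(UNTRUSTED)))
end
```

When auditing templates, the calls to look for are translation lookups whose default is built from request or user data.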
SUSE-SU-2020:2686-1: An update that fixes one vulnerability is now available.
Category: security (important)
Bug References: 1176421
CVE References: CVE-2020-15169
SUSE OpenStack Cloud Crowbar 9 (src): rubygem-actionview-4_2-4.2.9-9.12.1
SUSE OpenStack Cloud Crowbar 8 (src): rubygem-actionview-4_2-4.2.9-9.12.1
SUSE OpenStack Cloud 7 (src): rubygem-actionview-4_2-4.2.9-9.12.1
SUSE OpenStack Cloud 6-LTSS (src): rubygem-actionview-4_2-4.2.9-9.12.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Fix released. Assigning to security for final checking.