VDB
CVE-2020-5267
CVE-2020-5267
PUBLISHED
In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.
EPSS 0.89% · 75.8th percentile
Risk Scores
EPSS Score
0.89%
75.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:18.04:LTS | rails | *, 2:4.2.10-0ubuntu4+esm1, 2:4.2.10-0ubuntu4+esm2 |
| Ubuntu:Pro:16.04:LTS | rails | 2:4.2.6-1ubuntu0.1~esm1, 2:4.2.6-1ubuntu0.1~esm2, 2:4.2.6-1 |
| Ubuntu:Pro:20.04:LTS | rails | 0, *, 2:5.2.3+dfsg-3ubuntu0.1~esm1 |
Timeline
- Mar 19, 2020 CVE Published
- Oct 5, 2020 CVE Updated
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-5267 third-party-advisory
- https://www.openwall.com/lists/oss-security/2020/03/19/1 third-party-advisory
- http://www.openwall.com/lists/oss-security/2020/03/19/1 third-party-advisory
- https://github.com/rails/rails/commit/033a738817abd6e446e1b320cb7d1a5c15224e9a third-party-advisory
- https://github.com/rails/rails/security/advisories/GHSA-65cv-r6x7-79hv third-party-advisory
- https://lists.debian.org/debian-lts-announce/2020/03/msg00022.html third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-5267 third-party-advisory