CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-21636

view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. Versions prior to 3.9.0 and 2.83.0 have a cross-site scripting vulnerability that has the potential to impact anyone rendering a component directly from a controller with the view_component gem. Note that only components that define a `#call` method (i.e. instead of using a sidecar template) are affected. The return value of the `#call` method is not sanitized and can include user-defined content. In addition, the return value of the `#output_postamble` methodis not sanitized, which can also lead to cross-site scripting issues. Versions 3.9.0 and 2.83.0 have been released and fully mitigate both the `#call` and the `#output_postamble` vulnerabilities. As a workaround, sanitize the return value of `#call`.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 65.0%

CVSS Severity

CVSS v3 Score 6.1

References

Products affected by CVE-2024-21636

Viewcomponent » View Component » Version: N/A

cpe:2.3:a:viewcomponent:view_component:-
Viewcomponent » View Component » Version: 1.0.0

cpe:2.3:a:viewcomponent:view_component:1.0.0
Viewcomponent » View Component » Version: 1.0.1

cpe:2.3:a:viewcomponent:view_component:1.0.1
Viewcomponent » View Component » Version: 1.1

cpe:2.3:a:viewcomponent:view_component:1.1
Viewcomponent » View Component » Version: 1.1.0

cpe:2.3:a:viewcomponent:view_component:1.1.0
Viewcomponent » View Component » Version: 1.10.0

cpe:2.3:a:viewcomponent:view_component:1.10.0
Viewcomponent » View Component » Version: 1.11.0

cpe:2.3:a:viewcomponent:view_component:1.11.0
Viewcomponent » View Component » Version: 1.11.1

cpe:2.3:a:viewcomponent:view_component:1.11.1
Viewcomponent » View Component » Version: 1.12.0

cpe:2.3:a:viewcomponent:view_component:1.12.0
Viewcomponent » View Component » Version: 1.13.0

cpe:2.3:a:viewcomponent:view_component:1.13.0
Viewcomponent » View Component » Version: 1.14.0

cpe:2.3:a:viewcomponent:view_component:1.14.0
Viewcomponent » View Component » Version: 1.14.1

cpe:2.3:a:viewcomponent:view_component:1.14.1
Viewcomponent » View Component » Version: 1.15.0

cpe:2.3:a:viewcomponent:view_component:1.15.0
Viewcomponent » View Component » Version: 1.16.0

cpe:2.3:a:viewcomponent:view_component:1.16.0
Viewcomponent » View Component » Version: 1.17.0

cpe:2.3:a:viewcomponent:view_component:1.17.0
Viewcomponent » View Component » Version: 1.2.0

cpe:2.3:a:viewcomponent:view_component:1.2.0
Viewcomponent » View Component » Version: 1.2.1

cpe:2.3:a:viewcomponent:view_component:1.2.1
Viewcomponent » View Component » Version: 1.3.0

cpe:2.3:a:viewcomponent:view_component:1.3.0
Viewcomponent » View Component » Version: 1.3.1

cpe:2.3:a:viewcomponent:view_component:1.3.1
Viewcomponent » View Component » Version: 1.3.2

cpe:2.3:a:viewcomponent:view_component:1.3.2
Viewcomponent » View Component » Version: 1.3.3

cpe:2.3:a:viewcomponent:view_component:1.3.3
Viewcomponent » View Component » Version: 1.3.4

cpe:2.3:a:viewcomponent:view_component:1.3.4
Viewcomponent » View Component » Version: 1.3.5

cpe:2.3:a:viewcomponent:view_component:1.3.5
Viewcomponent » View Component » Version: 1.3.6

cpe:2.3:a:viewcomponent:view_component:1.3.6
Viewcomponent » View Component » Version: 1.4.0

cpe:2.3:a:viewcomponent:view_component:1.4.0
Viewcomponent » View Component » Version: 1.5.0

cpe:2.3:a:viewcomponent:view_component:1.5.0
Viewcomponent » View Component » Version: 1.5.1

cpe:2.3:a:viewcomponent:view_component:1.5.1
Viewcomponent » View Component » Version: 1.5.2

cpe:2.3:a:viewcomponent:view_component:1.5.2
Viewcomponent » View Component » Version: 1.5.3

cpe:2.3:a:viewcomponent:view_component:1.5.3
Viewcomponent » View Component » Version: 1.6.0

cpe:2.3:a:viewcomponent:view_component:1.6.0
Viewcomponent » View Component » Version: 1.6.1

cpe:2.3:a:viewcomponent:view_component:1.6.1
Viewcomponent » View Component » Version: 1.6.2

cpe:2.3:a:viewcomponent:view_component:1.6.2
Viewcomponent » View Component » Version: 1.7.0

cpe:2.3:a:viewcomponent:view_component:1.7.0
Viewcomponent » View Component » Version: 1.8.0

cpe:2.3:a:viewcomponent:view_component:1.8.0
Viewcomponent » View Component » Version: 1.8.1

cpe:2.3:a:viewcomponent:view_component:1.8.1
Viewcomponent » View Component » Version: 1.9.0

cpe:2.3:a:viewcomponent:view_component:1.9.0
Viewcomponent » View Component » Version: 2.0.0

cpe:2.3:a:viewcomponent:view_component:2.0.0
Viewcomponent » View Component » Version: 2.1.0

cpe:2.3:a:viewcomponent:view_component:2.1.0
Viewcomponent » View Component » Version: 2.10.0

cpe:2.3:a:viewcomponent:view_component:2.10.0
Viewcomponent » View Component » Version: 2.11.0

cpe:2.3:a:viewcomponent:view_component:2.11.0
Viewcomponent » View Component » Version: 2.11.1

cpe:2.3:a:viewcomponent:view_component:2.11.1
Viewcomponent » View Component » Version: 2.12.0

cpe:2.3:a:viewcomponent:view_component:2.12.0
Viewcomponent » View Component » Version: 2.13.0

cpe:2.3:a:viewcomponent:view_component:2.13.0
Viewcomponent » View Component » Version: 2.14.0

cpe:2.3:a:viewcomponent:view_component:2.14.0
Viewcomponent » View Component » Version: 2.14.1

cpe:2.3:a:viewcomponent:view_component:2.14.1
Viewcomponent » View Component » Version: 2.15.0

cpe:2.3:a:viewcomponent:view_component:2.15.0
Viewcomponent » View Component » Version: 2.16.0

cpe:2.3:a:viewcomponent:view_component:2.16.0
Viewcomponent » View Component » Version: 2.17.0

cpe:2.3:a:viewcomponent:view_component:2.17.0
Viewcomponent » View Component » Version: 2.17.1

cpe:2.3:a:viewcomponent:view_component:2.17.1
Viewcomponent » View Component » Version: 2.18.0

cpe:2.3:a:viewcomponent:view_component:2.18.0
Viewcomponent » View Component » Version: 2.18.1

cpe:2.3:a:viewcomponent:view_component:2.18.1
Viewcomponent » View Component » Version: 2.18.2

cpe:2.3:a:viewcomponent:view_component:2.18.2
Viewcomponent » View Component » Version: 2.19.0

cpe:2.3:a:viewcomponent:view_component:2.19.0
Viewcomponent » View Component » Version: 2.19.1

cpe:2.3:a:viewcomponent:view_component:2.19.1
Viewcomponent » View Component » Version: 2.2.0

cpe:2.3:a:viewcomponent:view_component:2.2.0
Viewcomponent » View Component » Version: 2.2.1

cpe:2.3:a:viewcomponent:view_component:2.2.1
Viewcomponent » View Component » Version: 2.2.2

cpe:2.3:a:viewcomponent:view_component:2.2.2
Viewcomponent » View Component » Version: 2.20.0

cpe:2.3:a:viewcomponent:view_component:2.20.0
Viewcomponent » View Component » Version: 2.21.0

cpe:2.3:a:viewcomponent:view_component:2.21.0
Viewcomponent » View Component » Version: 2.22.0

cpe:2.3:a:viewcomponent:view_component:2.22.0
Viewcomponent » View Component » Version: 2.22.1

cpe:2.3:a:viewcomponent:view_component:2.22.1
Viewcomponent » View Component » Version: 2.23.0

cpe:2.3:a:viewcomponent:view_component:2.23.0
Viewcomponent » View Component » Version: 2.23.1

cpe:2.3:a:viewcomponent:view_component:2.23.1
Viewcomponent » View Component » Version: 2.23.2

cpe:2.3:a:viewcomponent:view_component:2.23.2
Viewcomponent » View Component » Version: 2.24.0

cpe:2.3:a:viewcomponent:view_component:2.24.0
Viewcomponent » View Component » Version: 2.25.0

cpe:2.3:a:viewcomponent:view_component:2.25.0
Viewcomponent » View Component » Version: 2.25.1

cpe:2.3:a:viewcomponent:view_component:2.25.1
Viewcomponent » View Component » Version: 2.26.0

cpe:2.3:a:viewcomponent:view_component:2.26.0
Viewcomponent » View Component » Version: 2.26.1

cpe:2.3:a:viewcomponent:view_component:2.26.1
Viewcomponent » View Component » Version: 2.27.0

cpe:2.3:a:viewcomponent:view_component:2.27.0
Viewcomponent » View Component » Version: 2.28.0

cpe:2.3:a:viewcomponent:view_component:2.28.0
Viewcomponent » View Component » Version: 2.29.0

cpe:2.3:a:viewcomponent:view_component:2.29.0
Viewcomponent » View Component » Version: 2.3.0

cpe:2.3:a:viewcomponent:view_component:2.3.0
Viewcomponent » View Component » Version: 2.30.0

cpe:2.3:a:viewcomponent:view_component:2.30.0
Viewcomponent » View Component » Version: 2.31.0

cpe:2.3:a:viewcomponent:view_component:2.31.0
Viewcomponent » View Component » Version: 2.31.1

cpe:2.3:a:viewcomponent:view_component:2.31.1
Viewcomponent » View Component » Version: 2.31.2

cpe:2.3:a:viewcomponent:view_component:2.31.2
Viewcomponent » View Component » Version: 2.32.0

cpe:2.3:a:viewcomponent:view_component:2.32.0
Viewcomponent » View Component » Version: 2.33.0

cpe:2.3:a:viewcomponent:view_component:2.33.0
Viewcomponent » View Component » Version: 2.34.0

cpe:2.3:a:viewcomponent:view_component:2.34.0
Viewcomponent » View Component » Version: 2.35.0

cpe:2.3:a:viewcomponent:view_component:2.35.0
Viewcomponent » View Component » Version: 2.36.0

cpe:2.3:a:viewcomponent:view_component:2.36.0
Viewcomponent » View Component » Version: 2.37.0

cpe:2.3:a:viewcomponent:view_component:2.37.0
Viewcomponent » View Component » Version: 2.38.0

cpe:2.3:a:viewcomponent:view_component:2.38.0
Viewcomponent » View Component » Version: 2.39.0

cpe:2.3:a:viewcomponent:view_component:2.39.0
Viewcomponent » View Component » Version: 2.4.0

cpe:2.3:a:viewcomponent:view_component:2.4.0
Viewcomponent » View Component » Version: 2.40.0

cpe:2.3:a:viewcomponent:view_component:2.40.0
Viewcomponent » View Component » Version: 2.41.0

cpe:2.3:a:viewcomponent:view_component:2.41.0
Viewcomponent » View Component » Version: 2.42.0

cpe:2.3:a:viewcomponent:view_component:2.42.0
Viewcomponent » View Component » Version: 2.43.0

cpe:2.3:a:viewcomponent:view_component:2.43.0
Viewcomponent » View Component » Version: 2.43.1

cpe:2.3:a:viewcomponent:view_component:2.43.1
Viewcomponent » View Component » Version: 2.44.0

cpe:2.3:a:viewcomponent:view_component:2.44.0
Viewcomponent » View Component » Version: 2.45.0

cpe:2.3:a:viewcomponent:view_component:2.45.0
Viewcomponent » View Component » Version: 2.46.0

cpe:2.3:a:viewcomponent:view_component:2.46.0
Viewcomponent » View Component » Version: 2.47.0

cpe:2.3:a:viewcomponent:view_component:2.47.0
Viewcomponent » View Component » Version: 2.48.0

cpe:2.3:a:viewcomponent:view_component:2.48.0
Viewcomponent » View Component » Version: 2.49.0

cpe:2.3:a:viewcomponent:view_component:2.49.0
Viewcomponent » View Component » Version: 2.49.1

cpe:2.3:a:viewcomponent:view_component:2.49.1
Viewcomponent » View Component » Version: 2.5.0

cpe:2.3:a:viewcomponent:view_component:2.5.0
Viewcomponent » View Component » Version: 2.5.1

cpe:2.3:a:viewcomponent:view_component:2.5.1
Viewcomponent » View Component » Version: 2.50.0

cpe:2.3:a:viewcomponent:view_component:2.50.0
Viewcomponent » View Component » Version: 2.51.0

cpe:2.3:a:viewcomponent:view_component:2.51.0
Viewcomponent » View Component » Version: 2.52.0

cpe:2.3:a:viewcomponent:view_component:2.52.0
Viewcomponent » View Component » Version: 2.53.0

cpe:2.3:a:viewcomponent:view_component:2.53.0
Viewcomponent » View Component » Version: 2.54.0

cpe:2.3:a:viewcomponent:view_component:2.54.0
Viewcomponent » View Component » Version: 2.54.1

cpe:2.3:a:viewcomponent:view_component:2.54.1
Viewcomponent » View Component » Version: 2.55.0

cpe:2.3:a:viewcomponent:view_component:2.55.0
Viewcomponent » View Component » Version: 2.56.0

cpe:2.3:a:viewcomponent:view_component:2.56.0
Viewcomponent » View Component » Version: 2.56.1

cpe:2.3:a:viewcomponent:view_component:2.56.1
Viewcomponent » View Component » Version: 2.56.2

cpe:2.3:a:viewcomponent:view_component:2.56.2
Viewcomponent » View Component » Version: 2.57.0

cpe:2.3:a:viewcomponent:view_component:2.57.0
Viewcomponent » View Component » Version: 2.57.1

cpe:2.3:a:viewcomponent:view_component:2.57.1
Viewcomponent » View Component » Version: 2.58.0

cpe:2.3:a:viewcomponent:view_component:2.58.0
Viewcomponent » View Component » Version: 2.59.0

cpe:2.3:a:viewcomponent:view_component:2.59.0
Viewcomponent » View Component » Version: 2.6.0

cpe:2.3:a:viewcomponent:view_component:2.6.0
Viewcomponent » View Component » Version: 2.60.0

cpe:2.3:a:viewcomponent:view_component:2.60.0
Viewcomponent » View Component » Version: 2.61.0

cpe:2.3:a:viewcomponent:view_component:2.61.0
Viewcomponent » View Component » Version: 2.61.1

cpe:2.3:a:viewcomponent:view_component:2.61.1
Viewcomponent » View Component » Version: 2.62.0

cpe:2.3:a:viewcomponent:view_component:2.62.0
Viewcomponent » View Component » Version: 2.63.0

cpe:2.3:a:viewcomponent:view_component:2.63.0
Viewcomponent » View Component » Version: 2.64.0

cpe:2.3:a:viewcomponent:view_component:2.64.0
Viewcomponent » View Component » Version: 2.65.0

cpe:2.3:a:viewcomponent:view_component:2.65.0
Viewcomponent » View Component » Version: 2.66.0

cpe:2.3:a:viewcomponent:view_component:2.66.0
Viewcomponent » View Component » Version: 2.67.0

cpe:2.3:a:viewcomponent:view_component:2.67.0
Viewcomponent » View Component » Version: 2.68.0

cpe:2.3:a:viewcomponent:view_component:2.68.0
Viewcomponent » View Component » Version: 2.69.0

cpe:2.3:a:viewcomponent:view_component:2.69.0
Viewcomponent » View Component » Version: 2.7.0

cpe:2.3:a:viewcomponent:view_component:2.7.0
Viewcomponent » View Component » Version: 2.70.0

cpe:2.3:a:viewcomponent:view_component:2.70.0
Viewcomponent » View Component » Version: 2.71.0

cpe:2.3:a:viewcomponent:view_component:2.71.0
Viewcomponent » View Component » Version: 2.72.0

cpe:2.3:a:viewcomponent:view_component:2.72.0
Viewcomponent » View Component » Version: 2.73.0

cpe:2.3:a:viewcomponent:view_component:2.73.0
Viewcomponent » View Component » Version: 2.74.0

cpe:2.3:a:viewcomponent:view_component:2.74.0
Viewcomponent » View Component » Version: 2.74.1

cpe:2.3:a:viewcomponent:view_component:2.74.1
Viewcomponent » View Component » Version: 2.75.0

cpe:2.3:a:viewcomponent:view_component:2.75.0
Viewcomponent » View Component » Version: 2.76.0

cpe:2.3:a:viewcomponent:view_component:2.76.0
Viewcomponent » View Component » Version: 2.77.0

cpe:2.3:a:viewcomponent:view_component:2.77.0
Viewcomponent » View Component » Version: 2.78.0

cpe:2.3:a:viewcomponent:view_component:2.78.0
Viewcomponent » View Component » Version: 2.79.0

cpe:2.3:a:viewcomponent:view_component:2.79.0
Viewcomponent » View Component » Version: 2.8.0

cpe:2.3:a:viewcomponent:view_component:2.8.0
Viewcomponent » View Component » Version: 2.80.0

cpe:2.3:a:viewcomponent:view_component:2.80.0
Viewcomponent » View Component » Version: 2.81.0

cpe:2.3:a:viewcomponent:view_component:2.81.0
Viewcomponent » View Component » Version: 2.82.0

cpe:2.3:a:viewcomponent:view_component:2.82.0
Viewcomponent » View Component » Version: 2.9.0

cpe:2.3:a:viewcomponent:view_component:2.9.0
Viewcomponent » View Component » Version: 3.0.0

cpe:2.3:a:viewcomponent:view_component:3.0.0
Viewcomponent » View Component » Version: 3.1.0

cpe:2.3:a:viewcomponent:view_component:3.1.0
Viewcomponent » View Component » Version: 3.2.0

cpe:2.3:a:viewcomponent:view_component:3.2.0
Viewcomponent » View Component » Version: 3.3.0

cpe:2.3:a:viewcomponent:view_component:3.3.0
Viewcomponent » View Component » Version: 3.4.0

cpe:2.3:a:viewcomponent:view_component:3.4.0
Viewcomponent » View Component » Version: 3.5.0

cpe:2.3:a:viewcomponent:view_component:3.5.0
Viewcomponent » View Component » Version: 3.6.0

cpe:2.3:a:viewcomponent:view_component:3.6.0
Viewcomponent » View Component » Version: 3.7.0

cpe:2.3:a:viewcomponent:view_component:3.7.0
Viewcomponent » View Component » Version: 3.8.0

cpe:2.3:a:viewcomponent:view_component:3.8.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-21636

Products

Pricing

Contact Us