viewcomponent 漏洞与 CVE 列表(2)

产品(CPE): — CVE 数: 2

viewcomponent 漏洞概览

viewcomponent 相关的公开 CVE 漏洞与安全风险信息,提供 CVSS、EPSS、公开时间与漏洞情报数据,帮助评估潜在风险与修复优先级。

漏洞分布趋势(近 24 个月)

显示 122 CVE 数
«« 第一页 « 上一页 第 1 / 1 页 下一页 »
CVE 摘要 来源 最高 CVSS EPSS % 公开时间 更新时间
CVE-2026-44837 view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path. This is not a safe containment check because sibling directories can share the same string prefix. This vulnerability is fixed in 4.9.0. [email protected] 5.9 0.37% 2026-05-26 2026-06-17
CVE-2024-21636 view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. Versions prior to 3.9.0 and 2.83.0 have a cross-site scripting vulnerability that has the potential to impact anyone rendering a component directly from a controller with the view_component gem. Note that only components that define a `#call` method (i.e. instead of using a sidecar template) are affected. The return value of the `#call` method is not sanitized and can include user-de [email protected] 6.1 0.50% 2024-01-04 2026-06-17
«« 第一页 « 上一页 第 1 / 1 页 下一页 »
cvelogic Threat Intelligence