Package details: pkg:gem/view_component@2.32
purl pkg:gem/view_component@2.32
Tags Ghost
Next non-vulnerable version 2.83.0
Latest non-vulnerable version 4.9.0
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-ga2g-htdr-7ken
Aliases:
CVE-2022-24722
GHSA-cm9w-c4rj-r2cf
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ViewComponent is a framework for building view components in Ruby on Rails. Versions prior to 2.31.2 and 2.49.1 contain a cross-site scripting vulnerability that has the potential to impact anyone using translations with the view_component gem. Data received via user input and passed as an interpolation argument to the `translate` method is not properly sanitized before display. Versions 2.31.2 and 2.49.1 have been released and fully mitigate the vulnerability. As a workaround, avoid passing user input to the `translate` function, or sanitize the inputs before passing them.
2.49.1
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-04T16:14:46.305092+00:00 Ruby Importer Affected by VCID-ga2g-htdr-7ken https://github.com/rubysec/ruby-advisory-db/blob/master/gems/view_component/CVE-2022-24722.yml 38.6.0