VulnerableCode Package Details - pkg:gem/view_component@2.83.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:gem/view_component@2.83.0

Essentials
History (1)

purl	pkg:gem/view_component@2.83.0

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-fk74-z1fr-1uem	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. Versions prior to 3.9.0 have a cross-site scripting vulnerability that has the potential to impact anyone rendering a component directly from a controller with the view_component gem. Note that only components that define a `#call` method (i.e. instead of using a sidecar template) are affected. The return value of the `#call` method is not sanitized and can include user-defined content. In addition, the return value of the `#output_postamble` methodis not sanitized, which can also lead to cross-site scripting issues. Versions 3.9.0 has been released and fully mitigates both the `#call` and the `#output_postamble` vulnerabilities. As a workaround, sanitize the return value of `#call`.	CVE-2024-21636 GHSA-wf2x-8w6j-qw37

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T16:46:47.290319+00:00	GithubOSV Importer	Fixing	VCID-fk74-z1fr-1uem	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-wf2x-8w6j-qw37/GHSA-wf2x-8w6j-qw37.json	38.6.0