Package details: pkg:gem/view_component@3.9.0
purl pkg:gem/view_component@3.9.0
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability: VCID-fk74-z1fr-1uem
Summary: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. Versions prior to 3.9.0 have a cross-site scripting vulnerability that has the potential to impact anyone rendering a component directly from a controller with the view_component gem. Note that only components that define a `#call` method (i.e. instead of using a sidecar template) are affected. The return value of the `#call` method is not sanitized and can include user-defined content. In addition, the return value of the `#output_postamble` method is not sanitized, which can also lead to cross-site scripting issues. Version 3.9.0 has been released and fully mitigates both the `#call` and the `#output_postamble` vulnerabilities. As a workaround, sanitize the return value of `#call`.
Aliases: CVE-2024-21636, GHSA-wf2x-8w6j-qw37

Date | Actor | Action | Vulnerability | Source | VulnerableCode Version
2026-06-04T16:46:47.218398+00:00 | GithubOSV Importer | Fixing | VCID-fk74-z1fr-1uem | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-wf2x-8w6j-qw37/GHSA-wf2x-8w6j-qw37.json | 38.6.0
2026-06-02T04:46:47.869701+00:00 | GitLab Importer | Fixing | VCID-fk74-z1fr-1uem | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/view_component/CVE-2024-21636.yml | 38.6.0