CVE-2024-39308
CVSS V2 None
CVSS V3 None
Description
RailsAdmin is a Rails engine that provides an interface for managing data. RailsAdmin list view has the XSS vulnerability, caused by improperly-escaped HTML title attribute. Upgrade to 3.1.3 or 2.2.2 (to be released).
Overview
- CVE ID
- CVE-2024-39308
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-07-08T14:33:55.144Z
- Last Modified Date
- 2024-07-08T14:33:55.144Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/railsadminteam/rails_admin/security/advisories/GHSA-8qgm-g2vv-vwvc | x_refsource_CONFIRM |
https://github.com/railsadminteam/rails_admin/issues/3686 | x_refsource_MISC |
https://github.com/railsadminteam/rails_admin/commit/b5a287d82e2cbd1737a1a01e11ede2911cce7fef | x_refsource_MISC |
https://github.com/railsadminteam/rails_admin/commit/d84b39884059c4ed50197cec8522cca029a17673 | x_refsource_MISC |
https://rubygems.org/gems/rails_admin/versions/2.3.0 | x_refsource_MISC |
https://rubygems.org/gems/rails_admin/versions/3.1.3 | x_refsource_MISC |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-39308 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39308 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-07-09 13:14:35 | Added to TrackCVE |