CVE-2024-39308: RailsAdmin Cross-site Scripting vulnerability in the list view
RailsAdmin list view has the XSS vulnerability, caused by improperly-escaped HTML title attribute. The issue was originally reported in https://github.com/railsadminteam/rails_admin/issues/3686.
References
- github.com/advisories/GHSA-8qgm-g2vv-vwvc
- github.com/railsadminteam/rails_admin
- github.com/railsadminteam/rails_admin/commit/b5a287d82e2cbd1737a1a01e11ede2911cce7fef
- github.com/railsadminteam/rails_admin/commit/d84b39884059c4ed50197cec8522cca029a17673
- github.com/railsadminteam/rails_admin/issues/3686
- github.com/railsadminteam/rails_admin/security/advisories/GHSA-8qgm-g2vv-vwvc
- nvd.nist.gov/vuln/detail/CVE-2024-39308
- rubygems.org/gems/rails_admin/versions/2.3.0
- rubygems.org/gems/rails_admin/versions/3.1.3
Code Behaviors & Features
Detect and mitigate CVE-2024-39308 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →