actiontext (RubyGems) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the RubyGems package actiontext, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (4)
CVE-2024-47888: Action Text brings rich text content and editing to Rails. Starting in version 6.0.0 and prior to versions 6.1.7.9, 7.0.8.5, 7.1.4.1, and…
CVE-2024-43368 — CVSS 6.5 (medium): The Trix editor, versions prior to 2.1.4, is vulnerable to XSS when pasting malicious code. This vulnerability is a bypass of the fix put…
CVE-2024-32464 — CVSS 6.1 (medium): Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a…
CVE-2024-34341 — CVSS 5.4 (medium): Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting…