CVE-2016-6316: actionview Cross-site Scripting vulnerability
CVSS Score: 6.1 (CVSS 3.0)
Basic Information
CVE ID
GHSA ID
EPSS Score: 0.83687%
CWE
Published: 10/24/2017
Updated: 11/6/2023
KEV Status: No
Technology: Ruby
Technical Details
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
actionview | rubygems | >= 3.0.0, <= 3.2.22.2 | 3.2.22.3 |
actionview | rubygems | >= 4.0.0, <= 4.2.7 | 4.2.7.1 |
actionview | rubygems | = 5.0.0 | 5.0.0.1 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from how HTML-safe strings were handled in tag attributes. The tag_options method in TagHelper is responsible for converting hash options to HTML attributes. When values were marked as HTML-safe (via .html_safe or sanitize), quote characters in attribute values were not properly escaped. This allowed attackers to break out of attribute contexts and inject arbitrary scripts. The patches for this CVE specifically modified tag_options handling to ensure quote escaping even for HTML-safe strings, confirming this as the vulnerable function.
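The attribute-quoting behaviour described above can be reproduced in a simplified model, shown here as an added example that is not the Rails source or the actual patch. `SafeString`, `escape_unless_safe`, `tag_options_before`, `tag_options_after` and `attribute_names` are hypothetical names, and the sample value is constructed.

```ruby
require "erb"

# Hypothetical stand-in for a string marked HTML-safe (what .html_safe or
# sanitize would return in Rails). Not ActiveSupport::SafeBuffer.
class SafeString < String
  def html_safe?
    true
  end
end

# Escape a value unless it already claims to be HTML-safe.
def escape_unless_safe(value)
  if value.respond_to?(:html_safe?) && value.html_safe?
    value.to_s
  else
    ERB::Util.html_escape(value.to_s)
  end
end

# Model of the pre-patch behaviour: HTML-safe values reach the attribute verbatim.
def tag_options_before(options)
  options.map { |key, value| %(#{key}="#{escape_unless_safe(value)}") }.join(" ")
end

# Model of the patched behaviour: double quotes are encoded even for HTML-safe values.
def tag_options_after(options)
  options.map do |key, value|
    %(#{key}="#{escape_unless_safe(value).gsub('"', "&quot;")}")
  end.join(" ")
end

# Names of the attributes an HTML parser would find in the rendered string.
def attribute_names(rendered)
  rendered.scan(/([\w-]+)="[^"]*"/).flatten
end

# Constructed sample: an HTML-safe value that contains a double quote.
SAMPLE = SafeString.new(%(note" data-injected="1))

if __FILE__ == $PROGRAM_NAME
  puts tag_options_before(title: SAMPLE)  # value closes the attribute early
  puts tag_options_after(title: SAMPLE)   # value stays inside title="..."
end
```

Comparing `attribute_names` on rendered output before and after an upgrade makes a compact regression check for views that pass HTML-safe values into tag attributes.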