CVE-2020-5267 PoC — Possible XSS vulnerability in ActionView

Source
Associated Vulnerability
Title: Possible XSS vulnerability in ActionView (CVE-2020-5267)
Description: In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.
Description
Patch CVE-2020-5267 for Rails 4 and Rails 3
Readme
# legacy-rails-CVE-2020-5267-patch

[![CI](https://github.com/GUI/legacy-rails-CVE-2020-5267-patch/workflows/CI/badge.svg)](https://github.com/GUI/legacy-rails-CVE-2020-5267-patch/actions?workflow=CI)

A patch for [CVE-2020-5267](https://github.com/advisories/GHSA-65cv-r6x7-79hv) for Rails 4 and Rails 3. Upgrading Rails would definitely be better, but in the meantime if you're stuck on older versions of Rails, this provides the monkey patch noted in the security advisory packaged and tested as a gem.

## Installation

Add this line to your application's Gemfile:

```ruby
gem 'legacy-rails-CVE-2020-5267-patch'
```

And then execute:

```
$ bundle install
```
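
After installing, it is worth confirming that the escape helper the application actually calls is the hardened one. The following is an added example, not code from this gem or from Rails: a stand-alone check that reports which JavaScript metacharacters an escaper leaves unescaped, run against two constructed models of the escape table. It assumes the upstream fix consists of additionally escaping backticks and dollar signs; `LEGACY_MAP`, `PATCHED_MAP`, `build_escaper`, `unescaped_metachars` and `PROBE` are hypothetical names.

```ruby
# Constructed model of the pre-fix escape table: no entry for ` or $.
LEGACY_MAP = {
  "\\" => "\\\\", "</" => "<\\/",
  "\r\n" => "\\n", "\n" => "\\n", "\r" => "\\n",
  '"' => '\\"', "'" => "\\'"
}.freeze

# Model of the patched table (assumption: the fix adds these two entries).
PATCHED_MAP = LEGACY_MAP.merge("`" => "\\`", "$" => "\\$").freeze

# Build an escaper lambda from a table. Longer keys are tried first so that
# "\r\n" and "</" win over their single-character prefixes.
def build_escaper(map)
  pattern = Regexp.union(map.keys.sort_by { |key| -key.length })
  ->(input) { input.to_s.gsub(pattern, map) }
end

# Constructed probe: a bare backtick, a bare dollar sign, and a backtick that
# already follows a backslash in the input.
PROBE = "a`b$c\\`d"

# Returns the metacharacters that `escaper` leaves active in its output.
# A character counts as escaped only when an odd number of backslashes
# precedes it; an even run (including zero) escapes the backslashes
# themselves and leaves the character live.
def unescaped_metachars(escaper, probe = PROBE)
  escaper.call(probe).scan(/(?<!\\)(?:\\\\)*([`$])/).flatten.uniq
end

if __FILE__ == $PROGRAM_NAME
  { "legacy" => LEGACY_MAP, "patched" => PATCHED_MAP }.each do |name, map|
    leaked = unescaped_metachars(build_escaper(map))
    puts "#{name}: #{leaked.empty? ? 'ok' : "unescaped #{leaked.inspect}"}"
  end
  # In a Rails app, pass the real helper instead of a model, for example:
  #   unescaped_metachars(->(s) { ActionController::Base.helpers.escape_javascript(s) })
  # An empty array means the patch (or a fixed Rails version) is active.
end
```
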
File Snapshot

```
[4.0K] /data/pocs/46e24f325c1381e6bc7b61de85b4e7670fca8b98
├── [ 111] Appraisals
├── [4.0K] bin
│   ├── [ 367] console
│   └── [ 131] setup
├── [  98] CHANGELOG.md
├── [ 165] Gemfile
├── [2.8K] Gemfile.lock
├── [4.0K] gemfiles
│   ├── [ 164] rails_3.2.gemfile
│   ├── [2.3K] rails_3.2.gemfile.lock
│   ├── [ 164] rails_4.2.gemfile
│   └── [2.8K] rails_4.2.gemfile.lock
├── [1.5K] legacy-rails-CVE-2020-5267-patch.gemspec
├── [4.0K] lib
│   ├── [4.0K] legacy-rails-CVE-2020-5267-patch
│   │   └── [  59] version.rb
│   └── [ 611] legacy-rails-CVE-2020-5267-patch.rb
├── [1.1K] LICENSE.txt
├── [ 198] Rakefile
├── [ 666] README.md
└── [4.0K] test
    ├── [1.9K] patch_test.rb
    └── [ 126] test_helper.rb

5 directories, 18 files
```