{"vulnerability": "cve-2024-21636", "sightings": [{"uuid": "0ea86193-5280-4c78-b6f8-f372962d85f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-21636", "type": "seen", "source": "https://t.me/ctinow/166064", "content": "https://ift.tt/4JYjhRq\nCVE-2024-21636 Exploit", "creation_timestamp": "2024-01-10T19:17:01.000000Z"}, {"uuid": "1a10beda-d859-4938-b913-1cae127119b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-21636", "type": "seen", "source": "https://t.me/cibsecurity/74430", "content": "\u203c\ufe0fCVE-2024-21636\u203c\ufe0f\n\nview_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. Versions prior to 3.9.0 have a cross-site scripting vulnerability that has the potential to impact anyone rendering a component directly from a controller with the view_component gem. Note that only components that define a call method i.e. instead of using a sidecar template are affected. The return value of the call method is not sanitized and can include user-defined content. In addition, the return value of the output_postamble method is not sanitized, which can also lead to cross-site scripting issues. Version 3.9.0 has been released and fully mitigates both the call and the output_postamble vulnerabilities. As a workaround, sanitize the return value of call.\n\n\ud83d\udcd6 Read more\n\nVia \"National Vulnerability Database\"", "creation_timestamp": "2024-01-05T01:35:14.000000Z"}, {"uuid": "c367b498-9290-44c2-a392-98b0d88e2190", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-21636", "type": "seen", "source": "https://t.me/ctinow/163238", "content": "https://ift.tt/pFcoZQk\nCVE-2024-21636", "creation_timestamp": "2024-01-04T21:26:18.000000Z"}]}