There is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. External Reference: https://www.openwall.com/lists/oss-security/2020/03/19/1
Created rubygem-actionview tracking bugs for this issue: Affects: fedora-all [bug 1831531]
Statement: Red Hat CloudForms and Satellite ship the affected RubyGem actionview with these methods; however, they are not vulnerable, since none of them uses a template string enclosed in backtick characters. A future update may fix the affected RubyGem.
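The statement above comes down to one check: does any view place `j` / `escape_javascript` output inside a backtick-delimited template string? A heuristic scan for that pattern, as an added example (not Rails or Red Hat code). It assumes the views are ERB, and the names `backtick_helper_uses`, `HELPER_TAG`, `TOKEN` and the sample view are constructed for illustration.

```ruby
# Added example: flag ERB output tags that call j / escape_javascript while an
# unescaped backtick is still open. Heuristic only: it does not parse JavaScript,
# so a backtick in a comment or a quoted string can skew the state. Treat hits
# as candidates for manual review.

# An ERB output tag (<%= ... %>) that calls one of the two helpers.
HELPER_TAG = /\A<%=.*\b(?:j|escape_javascript)[\s(]/m
# Order matters: whole ERB tags first, then escaped characters, then a bare backtick.
TOKEN = /<%.*?%>|\\.|`|[^<\\`]+|./m

# Returns [[line_number, erb_tag], ...] for helper calls inside a template literal.
def backtick_helper_uses(erb_source)
  findings = []
  in_template = false
  line = 1
  erb_source.scan(TOKEN) do |tok|
    if tok.start_with?("<%")
      # Ruby code inside the tag is skipped whole, so its own backticks are ignored.
      findings << [line, tok] if in_template && tok.match?(HELPER_TAG)
    elsif tok == "`"
      in_template = !in_template
    end
    line += tok.count("\n")
  end
  findings
end

# Constructed sample view (not taken from any product).
SAMPLE_VIEW = <<~'ERB'
  <script>
    var safe = "<%= j @user.name %>";
    var risky = `Hello <%= j @user.name %>`;
    var also = `line one
      <%= escape_javascript(@bio) %> end`;
    var after = '<%= j @title %>';
  </script>
ERB

if __FILE__ == $PROGRAM_NAME
  backtick_helper_uses(SAMPLE_VIEW).each { |ln, tag| puts "line #{ln}: #{tag}" }
end
```

Run it over each view file's contents; an empty result for every file matches the condition the statement describes, subject to the heuristic's limits noted in the comments.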
This issue has been addressed in the following products: Red Hat Satellite 6.7 for RHEL 8 Via RHSA-2020:4366 https://access.redhat.com/errata/RHSA-2020:4366
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-5267