There is a possible XSS vulnerability in Action View tag helpers. Passing untrusted input as hash keys can lead to a possible XSS vulnerability. References: https://github.com/rubysec/ruby-advisory-db/tree/master/gems/actionview/CVE-2022-27777.yml
Created rubygem-actionview tracking bugs for this issue: Affects: fedora-all [bug 2080297]
Note that on current Fedora rawhide, the rubygem-actionview version is 7.0.2.3-1, while it will be fixed at rubygem-actionview 7.0.2.4. https://src.fedoraproject.org/rpms/rubygem-actionview > rubygem-actionview-7.0.2.3-1.fc37
This issue has been addressed in the following products: Red Hat Satellite 6.13 for RHEL 8 Via RHSA-2023:2097 https://access.redhat.com/errata/RHSA-2023:2097
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-27777