There is a possible XSS vulnerability in Action View tag helpers. Passing untrusted input as hash keys can lead to a possible XSS vulnerability.
Created rubygem-actionview tracking bugs for this issue:
Affects: fedora-all [bug 2080297]
Note that on current Fedora rawhide, the rubygem-actionview version is 22.214.171.124-1, while it will be fixed at rubygem-actionview 126.96.36.199.
This issue has been addressed in the following products:
Red Hat Satellite 6.13 for RHEL 8
Via RHSA-2023:2097 https://access.redhat.com/errata/RHSA-2023:2097
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):