Andrew Carpenter

**Name of the Vulnerable Software and Affected Versions** Ruby on Rails versions 3.x before 3.2.22.3 Ruby on Rails versions 4.x before 4.2.7.1 Ruby on Rails versions 5.x before 5.0.0.1 **Description** A cross-site scripting (XSS) issue in Action View in Ruby on Rails might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers. **Recommendations** For Ruby on Rails versions 3.x before 3.2.22.3, update to version 3.2.22.3 or later. For Ruby on Rails versions 4.x before 4.2.7.1, update to version 4.2.7.1 or later. For Ruby on Rails versions 5.x before 5.0.0.1, update to version 5.0.0.1 or later.