Debian · Ruby-View-Component · CVE-2026-44836
**Name of the Vulnerable Software and Affected Versions**
view_component versions 3.0.0 through 4.8.x
**Description**
The preview route derives an example name from the URL and invokes it using `public_send` without verifying whether the requested method is an explicitly defined preview example. As a result, inherited public methods on `ViewComponent::Preview` are reachable via preview routes. In particular, `render_with_template()` can be reached; it accepts `template:` and `locals:` parameters, which can be supplied via request parameters and are passed to Rails as `render template:`. If previews are exposed, an attacker can render internal Rails templates that are not otherwise routable, potentially exposing secrets, configuration, debug data, or admin-only partials.
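The dispatch flaw described above, reduced to plain Ruby as an added example (not view_component's code and not the 4.9.0 patch). `PreviewBase`, `ButtonPreview`, `dispatch_unchecked`, `dispatch_checked` and the template names are constructed stand-ins, and the allowlist shown is one way to implement the missing check.

```ruby
# Stand-in for ViewComponent::Preview (hypothetical, simplified): the base
# class exposes a public helper that every preview subclass inherits.
class PreviewBase
  def render_with_template(template: nil, locals: {})
    # In Rails these values would end up in `render template:`.
    { template: template, locals: locals }
  end
end

# A preview with exactly one explicitly defined example.
class ButtonPreview < PreviewBase
  def default
    { template: "button_preview/default", locals: {} }
  end
end

class UnknownExample < StandardError; end

# Pattern from the advisory: the URL-derived name goes straight to
# public_send, so inherited public methods are dispatchable as well.
def dispatch_unchecked(preview_class, example_name, params = {})
  preview_class.new.public_send(example_name, **params)
end

# Hardened form: only methods defined on the preview class itself count as
# examples. public_instance_methods(false) leaves out everything inherited
# from PreviewBase and Object.
def dispatch_checked(preview_class, example_name, params = {})
  examples = preview_class.public_instance_methods(false).map(&:to_s)
  unless examples.include?(example_name.to_s)
    raise UnknownExample, "not a preview example: #{example_name}"
  end
  preview_class.new.public_send(example_name, **params)
end
```

A preview that inherits examples from an intermediate preview class would need the allowlist to walk its ancestors up to, but not including, the base class.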
**Recommendations**
Update view_component to version 4.9.0.
As a temporary workaround, restrict external access to preview routes to minimize the risk of exploitation.