Kaminari · Kaminari · CVE-2020-11082
**Name of the Vulnerable Software and Affected Versions**
Kaminari versions prior to 1.2.1
**Description**
The issue allows an attacker to inject arbitrary code into pages with pagination links. This has been fixed in version 1.2.1.
**Recommendations**
For versions prior to 1.2.1, update to version 1.2.1 to resolve the issue.
As a temporary workaround, application developers who can't update the gem can override the `PARAM_KEY_EXCEPT_LIST` constant by adding the following code:
```ruby
# Workaround for versions prior to 1.2.1: override the constant in the application.
module Kaminari::Helpers
  PARAM_KEY_EXCEPT_LIST = [:authenticity_token, :commit, :utf8, :_method, :script_name, :original_script_name].freeze
end
```
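To find applications still locked to an affected release, the following added example (not part of the original advisory or the Kaminari project) scans `Gemfile.lock` text for Kaminari versions below 1.2.1. The function name, the constructed sample lockfiles and the inclusion of the `kaminari-core` gem are assumptions.

```ruby
require "rubygems" # provides Gem::Version

FIXED_VERSION = Gem::Version.new("1.2.1")
# "kaminari" is the gem named in the advisory. "kaminari-core" is included on
# the assumption that it carries the helpers and shares the same version numbers.
CHECKED_GEMS = %w[kaminari kaminari-core].freeze

# Returns { gem_name => version_string } for every checked gem that the
# lockfile resolves to a version below FIXED_VERSION.
def vulnerable_kaminari(lockfile_text)
  findings = {}
  lockfile_text.each_line do |line|
    # Resolved specs are indented exactly four spaces: "    name (1.2.3)".
    # Dependency constraints are indented six spaces and never match.
    m = line.match(/\A {4}([A-Za-z0-9_.-]+) \(([^)]+)\)\s*\z/)
    next unless m && CHECKED_GEMS.include?(m[1])
    next unless Gem::Version.correct?(m[2])
    findings[m[1]] = m[2] if Gem::Version.new(m[2]) < FIXED_VERSION
  end
  findings
end

# Constructed sample lockfiles (not taken from any real project).
SAMPLE_OLD = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      kaminari (1.2.0)
        kaminari-core (= 1.2.0)
      kaminari-core (1.2.0)
LOCK

SAMPLE_FIXED = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      kaminari (1.2.1)
        kaminari-core (= 1.2.1)
      kaminari-core (1.2.1)
LOCK

if __FILE__ == $PROGRAM_NAME
  { "old" => SAMPLE_OLD, "fixed" => SAMPLE_FIXED }.each do |label, text|
    hits = vulnerable_kaminari(text)
    puts "#{label}: #{hits.empty? ? 'no affected Kaminari version' : hits.inspect}"
  end
end
```

In a real project, pass `File.read("Gemfile.lock")` to the function and fail the build when the result is not empty.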