CVE-2020-16254

Injection Vulnerability in gem/chartkick

Identifiers

CVE-2020-16254

Package Slug

gem/chartkick

Vulnerability

Injection Vulnerability

Description

The Chartkick gem for Ruby allows Cascading Style Sheets (CSS) Injection (without attribute).

Affected Versions

All versions up to 3.3.2

Solution

Upgrade to version 3.4.0 or above.

Last Modified

2020-08-07
