actionpack from the Ruby on Rails project is vulnerable to Cross-site Scripting in the Route Error Page. This issue has been patched with this commit. There are no known workarounds for this issue.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-…