actionpack from the Ruby on Rails project is vulnerable to Cross-site Scripting in the Route Error Page. This issue has been patched with this commit. There are no known workarounds for this issue. References https://nvd.nist.gov/vuln/detail/CVE-2022-3704 https://github.com/rails/rails/issues/46244 https://github.com/rails/rails/commit/be177e4566747b73ff63fd5f529fab564e475ed4 https://vuldb.com/?id.212319 https://github.com/rails/rails/pull/46269 https://github.com/advisories/GHSA-9chr-4fjh-5rgw