actionview is a simple, battle-tested conventions and helpers for building web pages.
Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). An attacker might be able to set the href attribute of an anchor tag or the action attribute of a form tag that will trigger a POST action to a cross-origin URL.
This is a regression of CVE-2015-1840.
actionview to version 188.8.131.52, 184.108.40.206 or higher.