Lookup for vulnerable packages by Package URL.
| Purl | pkg:gem/actionpack@3.2.16 |
| Type | gem |
| Namespace | |
| Name | actionpack |
| Version | 3.2.16 |
| Qualifiers | |
| Subpath | |
| Is_vulnerable | false |
| Next_non_vulnerable_version | 3.2.17 |
| Latest_non_vulnerable_version | 7.1.3.1 |
| Affected_by_vulnerabilities | |
| Fixing_vulnerabilities | see entries 0 to 3 below |
| Risk_score | null |
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:gem/actionpack@3.2.16 |

Fixing_vulnerabilities[0]

| url | VCID-464e-wb3p-j3dn |
| vulnerability_id | VCID-464e-wb3p-j3dn |
| summary | Reflective XSS Vulnerability. There is a vulnerability in the internationalisation component of Ruby on Rails. When the i18n gem is unable to provide a translation for a given string, it creates a fallback HTML string. Under certain common configurations this string can contain user input, which would allow an attacker to execute a reflective XSS attack. |
| references | |
| fixed_packages | |
| aliases | CVE-2013-4491 |
| risk_score | null |
| exploitability | null |
| weighted_severity | null |
| resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-464e-wb3p-j3dn |

Fixing_vulnerabilities[1]

| url | VCID-gadc-jens-nuga |
| vulnerability_id | VCID-gadc-jens-nuga |
| summary | Denial of Service Vulnerability in Action View. There is a denial of service vulnerability in the header handling component of Action View. Strings sent in specially crafted headers will be cached indefinitely. This can cause the cache to grow without bound, which will eventually consume all memory on the target machine, causing a denial of service. |
| references | |
| fixed_packages | |
| aliases | CVE-2013-6414 |
| risk_score | null |
| exploitability | null |
| weighted_severity | null |
| resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-gadc-jens-nuga |

Fixing_vulnerabilities[2]

| url | VCID-ghj9-vyyr-tub8 |
| vulnerability_id | VCID-ghj9-vyyr-tub8 |
| summary | XSS Vulnerability in number_to_currency. The number_to_currency helper allows users to nicely format a numeric value. The unit parameter is not escaped correctly. Applications which pass user-controlled data as the unit parameter are vulnerable to an XSS attack. |
| references | |
| fixed_packages | |
| aliases | CVE-2013-6415 |
| risk_score | null |
| exploitability | null |
| weighted_severity | null |
| resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-ghj9-vyyr-tub8 |

Fixing_vulnerabilities[3]

| url | VCID-z94j-z575-4ydx |
| vulnerability_id | VCID-z94j-z575-4ydx |
| summary | Incomplete fix to CVE-2013-0155 (Unsafe Query Generation Risk). Due to the way that `Rack::Request` and `Rails::Request` interact, it is possible for a 3rd party or custom rack middleware to parse the parameters insecurely and store them in the same key that Rails uses for its own parameters. In the event that happens, the application will receive unsafe parameters and could be vulnerable to the earlier vulnerability: it would be possible for an attacker to issue unexpected database queries with `IS NULL` or empty where clauses. |
| references | |
| fixed_packages | |
| aliases | CVE-2013-6417 |
| risk_score | null |
| exploitability | null |
| weighted_severity | null |
| resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-z94j-z575-4ydx |