VulnerableCode Package Details - pkg:deb/debian/rails@2.2.3-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-3zdr-vasc-a7cn	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.	CVE-2009-3009 GHSA-8qrh-h9m2-5fvf OSV-57666
VCID-7f5r-9h1g-nuch	Exposure of Sensitive Information to an Unauthorized Actor A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple attempts.	CVE-2009-3086 GHSA-fg9w-g6m4-557j
VCID-vgm2-8wjy-x7ed	Improper Input Validation Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain.	CVE-2008-7248 GHSA-8fqx-7pv4-3jwm

Vulnerability

Summary

Aliases

VCID-3zdr-vasc-a7cn

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.

CVE-2009-3009
GHSA-8qrh-h9m2-5fvf
OSV-57666

VCID-7f5r-9h1g-nuch

Exposure of Sensitive Information to an Unauthorized Actor A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple attempts.

CVE-2009-3086
GHSA-fg9w-g6m4-557j

VCID-vgm2-8wjy-x7ed

Improper Input Validation Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain.

CVE-2008-7248
GHSA-8fqx-7pv4-3jwm

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T11:48:09.714350+00:00	Debian Importer	Fixing	VCID-7f5r-9h1g-nuch	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:44:45.526343+00:00	Debian Importer	Fixing	VCID-3zdr-vasc-a7cn	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:22:31.952072+00:00	Debian Importer	Fixing	VCID-vgm2-8wjy-x7ed	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:03:04.056782+00:00	Debian Importer	Fixing	VCID-7f5r-9h1g-nuch	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:16:01.759550+00:00	Debian Importer	Fixing	VCID-3zdr-vasc-a7cn	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:15:39.151658+00:00	Debian Importer	Fixing	VCID-vgm2-8wjy-x7ed	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:51:44.202675+00:00	Debian Importer	Fixing	VCID-7f5r-9h1g-nuch	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:51:44.146442+00:00	Debian Importer	Fixing	VCID-3zdr-vasc-a7cn	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:51:44.029962+00:00	Debian Importer	Fixing	VCID-vgm2-8wjy-x7ed	https://security-tracker.debian.org/tracker/data/json	38.1.0