VulnerableCode Package Details - pkg:deb/debian/rails@2:4.1.8-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-333w-aacz-mfcr	Arbitrary file existence disclosure Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application's root directory. The files will not be served, but attackers can determine whether the file exists. This only impacts Rails applications that enable static file serving at runtime. For example, the application's production configuration will say: `config.serve_static_assets = true`	CVE-2014-7829 GHSA-h56m-vwxc-3qpw
VCID-zkvd-bfd6-t7dg	Arbitrary file existence disclosure Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application's root directory. The files will not be served, but attackers can determine whether the file exists. This only impacts Rails applications that enable static file serving at runtime. For example, the application's production configuration will say: `config.serve_static_assets = true`	CVE-2014-7818 GHSA-29gr-w57f-rpfw

Vulnerability

Summary

Aliases

VCID-333w-aacz-mfcr

Arbitrary file existence disclosure Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application's root directory. The files will not be served, but attackers can determine whether the file exists. This only impacts Rails applications that enable static file serving at runtime. For example, the application's production configuration will say: `config.serve_static_assets = true`

CVE-2014-7829
GHSA-h56m-vwxc-3qpw

VCID-zkvd-bfd6-t7dg

CVE-2014-7818
GHSA-29gr-w57f-rpfw

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T11:16:17.141660+00:00	Debian Importer	Fixing	VCID-333w-aacz-mfcr	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:47:31.929633+00:00	Debian Importer	Fixing	VCID-zkvd-bfd6-t7dg	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:22:11.145774+00:00	Debian Importer	Fixing	VCID-333w-aacz-mfcr	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:32:27.172696+00:00	Debian Importer	Fixing	VCID-zkvd-bfd6-t7dg	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:51:46.565362+00:00	Debian Importer	Fixing	VCID-333w-aacz-mfcr	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:51:46.506939+00:00	Debian Importer	Fixing	VCID-zkvd-bfd6-t7dg	https://security-tracker.debian.org/tracker/data/json	38.1.0