Search for packages
| purl | pkg:deb/debian/rails@2:4.2.4-2?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-ed3f-3bxh-eba4 | activesupport vulnerable to Denial of Service via large XML document depth The (1) `jdom.rb` and (2) `rexml.rb` components in Active Support in Ruby on Rails before 3.2.22, 4.1.x before 4.1.11, and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth. |
CVE-2015-3227
GHSA-j96r-xvjq-r9pg |
| VCID-t2cx-7ycd-tqhq | activesupport Cross-site Scripting vulnerability Cross-site scripting (XSS) vulnerability in `json/encoding.rb` in Active Support in Ruby on Rails 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding. |
CVE-2015-3226
GHSA-vxvp-4xwc-jpp6 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T10:09:12.992122+00:00 | Debian Importer | Fixing | VCID-ed3f-3bxh-eba4 | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T08:40:54.140041+00:00 | Debian Importer | Fixing | VCID-t2cx-7ycd-tqhq | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-13T06:49:15.509048+00:00 | Debian Importer | Fixing | VCID-ed3f-3bxh-eba4 | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-11T17:51:54.282701+00:00 | Debian Importer | Fixing | VCID-t2cx-7ycd-tqhq | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-03T07:51:46.683641+00:00 | Debian Importer | Fixing | VCID-ed3f-3bxh-eba4 | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:51:46.624584+00:00 | Debian Importer | Fixing | VCID-t2cx-7ycd-tqhq | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |