Search for packages
| purl | pkg:deb/debian/rails@2:4.2.7.1-1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-86jq-2md2-d7ah | Possible XSS Vulnerability in ActionView There is a possible XSS vulnerability in Action View. Text declared as `HTML safe` will not have quotes escaped when used as attribute values in tag helpers. |
CVE-2016-6316
GHSA-pc3m-v286-2jwj |
| VCID-9t7a-muwx-zyee | Improper Access Control The Rails gem does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing `WHERE` clauses via a crafted request. |
CVE-2016-6317
GHSA-pr3r-4wrp-r2pv |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T09:18:23.637877+00:00 | Debian Importer | Fixing | VCID-9t7a-muwx-zyee | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T09:17:56.463834+00:00 | Debian Importer | Fixing | VCID-86jq-2md2-d7ah | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-13T08:42:37.462610+00:00 | Debian Importer | Fixing | VCID-9t7a-muwx-zyee | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-11T18:12:49.445676+00:00 | Debian Importer | Fixing | VCID-86jq-2md2-d7ah | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-03T07:51:47.196865+00:00 | Debian Importer | Fixing | VCID-9t7a-muwx-zyee | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:51:47.138431+00:00 | Debian Importer | Fixing | VCID-86jq-2md2-d7ah | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |