Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/rails@2:6.0.3.4%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/rails@2:6.0.3.4%2Bdfsg-1?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-zy7d-3db6-sydw Cross-site scripting in actionpack In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This vulnerability is in the Actionable Exceptions middleware. Workarounds ----------- Until such time as the patch can be applied, application developers should disable the Actionable Exceptions middleware in their development environment via a line such as this one in their config/environment/development.rb: `config.middleware.delete ActionDispatch::ActionableExceptions` CVE-2020-8264
GHSA-35mm-cc6r-8fjp

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T08:51:02.445992+00:00 Debian Importer Fixing VCID-zy7d-3db6-sydw https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-11T18:04:01.396394+00:00 Debian Importer Fixing VCID-zy7d-3db6-sydw https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:51:48.093898+00:00 Debian Importer Fixing VCID-zy7d-3db6-sydw https://security-tracker.debian.org/tracker/data/json 38.1.0