VulnerableCode Package Details - pkg:deb/debian/rails@2:6.1.4.6%2Bdfsg-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1x8k-t8mr-3fgp	URL Redirection to Untrusted Site ('Open Redirect') A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.	CVE-2021-44528 GHSA-qphc-hf5q-v8fc
VCID-jwun-grgg-2uet	Exposure of information in Action Pack Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is not notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests. This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.	CVE-2022-23633 CVE-2022-23634 GHSA-rmj8-8hhh-gv5h GHSA-wh98-p28r-vrc9

Vulnerability

Summary

Aliases

VCID-1x8k-t8mr-3fgp

URL Redirection to Untrusted Site ('Open Redirect') A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.

CVE-2021-44528
GHSA-qphc-hf5q-v8fc

VCID-jwun-grgg-2uet

Exposure of information in Action Pack Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests. This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.

CVE-2022-23633
CVE-2022-23634
GHSA-rmj8-8hhh-gv5h
GHSA-wh98-p28r-vrc9

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T09:51:38.407226+00:00	Debian Importer	Fixing	VCID-jwun-grgg-2uet	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:18:46.911916+00:00	Debian Importer	Fixing	VCID-1x8k-t8mr-3fgp	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T07:11:40.139493+00:00	Debian Importer	Fixing	VCID-1x8k-t8mr-3fgp	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:35:34.361004+00:00	Debian Importer	Fixing	VCID-jwun-grgg-2uet	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:51:48.740692+00:00	Debian Importer	Fixing	VCID-jwun-grgg-2uet	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:51:48.541520+00:00	Debian Importer	Fixing	VCID-1x8k-t8mr-3fgp	https://security-tracker.debian.org/tracker/data/json	38.1.0