VulnerableCode Package Details - pkg:deb/debian/rails@2:6.1.6.1%2Bdfsg-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-ce39-j83r-6ug9	Duplicate This advisory duplicates another.	CVE-2022-22577 GHSA-mm33-5vfq-3mm3 GMS-2022-1137
VCID-n8r7-wthv-fqaj	Active Record RCE bug with Serialized Columns When serialized columns that use YAML (the default) are deserialized, Rails uses YAML.unsafe_load to convert the YAML data in to Ruby objects. If an attacker can manipulate data in the database (via means like SQL injection), then it may be possible for the attacker to escalate to an RCE. There are no feasible workarounds for this issue, but other coders (such as JSON) are not impacted.	CVE-2022-32224 GHSA-3hhc-qp5v-9p2j GMS-2022-3029
VCID-p5mc-r1rg-5ff7	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in actionview.	CVE-2022-27777 GHSA-ch3h-j2vf-95pv GMS-2022-1138

Vulnerability

Summary

Aliases

VCID-ce39-j83r-6ug9

Duplicate This advisory duplicates another.

CVE-2022-22577
GHSA-mm33-5vfq-3mm3
GMS-2022-1137

VCID-n8r7-wthv-fqaj

Active Record RCE bug with Serialized Columns When serialized columns that use YAML (the default) are deserialized, Rails uses YAML.unsafe_load to convert the YAML data in to Ruby objects. If an attacker can manipulate data in the database (via means like SQL injection), then it may be possible for the attacker to escalate to an RCE. There are no feasible workarounds for this issue, but other coders (such as JSON) are not impacted.

CVE-2022-32224
GHSA-3hhc-qp5v-9p2j
GMS-2022-3029

VCID-p5mc-r1rg-5ff7

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in actionview.

CVE-2022-27777
GHSA-ch3h-j2vf-95pv
GMS-2022-1138

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-17T22:44:47.581866+00:00	Debian Importer	Fixing	VCID-n8r7-wthv-fqaj	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:08:39.329524+00:00	Debian Importer	Fixing	VCID-ce39-j83r-6ug9	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:17:19.857258+00:00	Debian Importer	Fixing	VCID-p5mc-r1rg-5ff7	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-14T12:41:28.387402+00:00	Debian Importer	Fixing	VCID-n8r7-wthv-fqaj	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:48:49.338851+00:00	Debian Importer	Fixing	VCID-ce39-j83r-6ug9	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:12:24.997526+00:00	Debian Importer	Fixing	VCID-p5mc-r1rg-5ff7	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:51:48.881068+00:00	Debian Importer	Fixing	VCID-n8r7-wthv-fqaj	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:51:48.806547+00:00	Debian Importer	Fixing	VCID-p5mc-r1rg-5ff7	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:51:48.674953+00:00	Debian Importer	Fixing	VCID-ce39-j83r-6ug9	https://security-tracker.debian.org/tracker/data/json	38.1.0