Package details: pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1

purl: pkg:deb/debian/rails@2:7.2.2.2%2Bdfsg-2~deb13u1
Next non-vulnerable version: 2:7.2.3.1+dfsg-1
Latest non-vulnerable version: 2:7.2.3.1+dfsg-1
Vulnerabilities affecting this package (9)
VCID-4tzv-1t1b-t3g3
Aliases: CVE-2026-33169, GHSA-cg4j-q9v8-6v38
Summary: Rails Active Support has a possible ReDoS vulnerability in number_to_delimited
Impact: `NumberToDelimitedConverter` used a regular expression with `gsub!` to insert thousands delimiters. This could produce quadratic time complexity on long digit strings.
Releases: The fixed releases are available at the normal locations.
Fixed by: 2:7.2.3.1+dfsg-1
Affected by 0 other vulnerabilities.

VCID-5tky-d2en-u7c7
Aliases: CVE-2026-33170, GHSA-89vf-4333-qx8v
Summary: Rails Active Support has a possible XSS vulnerability in SafeBuffer#%
Impact: `SafeBuffer#%` does not propagate the `@html_unsafe` flag to the newly created buffer. If a `SafeBuffer` is mutated in place (e.g. via `gsub!`) and then formatted with `%` using untrusted arguments, the result incorrectly reports `html_safe? == true`, bypassing ERB auto-escaping and possibly leading to XSS.
Releases: The fixed releases are available at the normal locations.
Fixed by: 2:7.2.3.1+dfsg-1
Affected by 0 other vulnerabilities.

VCID-96qr-hdbp-p7ff
Aliases: CVE-2026-33168, GHSA-v55j-83pf-r9cq
Summary: Rails has a possible XSS vulnerability in its Action View tag helpers
Impact: When a blank string is used as an HTML attribute name in Action View tag helpers, the attribute escaping is bypassed, producing malformed HTML. A carefully crafted attribute value could then be misinterpreted by the browser as a separate attribute name, possibly leading to XSS. Applications that allow users to specify custom HTML attributes are affected.
Releases: The fixed releases are available at the normal locations.
Fixed by: 2:7.2.3.1+dfsg-1
Affected by 0 other vulnerabilities.

VCID-a6z9-5n6k-2kak
Aliases: CVE-2026-33173, GHSA-qcfx-2mfw-w4cg
Summary: Rails Active Storage has possible content type bypass via metadata in direct uploads
Impact: Active Storage's `DirectUploadsController` accepts arbitrary metadata from the client and persists it on the blob. Because internal flags like `identified` and `analyzed` are stored in the same metadata hash, a malicious direct-upload client could set these flags.
Releases: The fixed releases are available at the normal locations.
Fixed by: 2:7.2.3.1+dfsg-1
Affected by 0 other vulnerabilities.

VCID-ad6q-vtdf-syb6
Aliases: CVE-2026-33658, GHSA-p9fm-f462-ggrg
Summary: Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests
Impact: Active Storage's proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes disproportionate CPU usage compared to a normal request for the same file, possibly resulting in a DoS vulnerability.
Releases: The fixed releases are available at the normal locations.
Fixed by: 2:7.2.3.1+dfsg-1
Affected by 0 other vulnerabilities.

VCID-hatd-vkun-13hj
Aliases: CVE-2026-33202, GHSA-73f9-jhhh-hr5m
Summary: Rails Active Storage has possible glob injection in its DiskService
Impact: Active Storage's `DiskService#delete_prefixed` passes blob keys directly to `Dir.glob` without escaping glob metacharacters. If a blob key contains attacker-controlled input or custom-generated keys with glob metacharacters, it may be possible to delete unintended files from the storage directory.
Releases: The fixed releases are available at the normal locations.
Fixed by: 2:7.2.3.1+dfsg-1
Affected by 0 other vulnerabilities.

VCID-qxe4-dubt-1kfp
Aliases: CVE-2026-33174, GHSA-r46p-8f7g-vvvg
Summary: Rails Active Storage has a possible DoS vulnerability when in proxy mode via Range requests
Impact: When serving files through Active Storage's `Blobs::ProxyController`, the controller loads the entire requested byte range into memory before sending it. A request with a large or unbounded Range header (e.g. `bytes=0-`) could cause the server to allocate memory proportional to the file size, possibly resulting in a DoS vulnerability through memory exhaustion.
Releases: The fixed releases are available at the normal locations.
Fixed by: 2:7.2.3.1+dfsg-1
Affected by 0 other vulnerabilities.

VCID-sarm-n22v-akcm
Aliases: CVE-2026-33176, GHSA-2j26-frm8-cmj9
Summary: Rails Active Support has a possible DoS vulnerability in its number helpers
Impact: Active Support number helpers accept strings containing scientific notation (e.g. `1e10000`), which when converted to a string could be expanded into extremely large decimal representations. This can cause excessive memory allocation and CPU consumption when the expanded number is formatted, possibly resulting in a DoS vulnerability.
Releases: The fixed releases are available at the normal locations.
Fixed by: 2:7.2.3.1+dfsg-1
Affected by 0 other vulnerabilities.

VCID-wpmk-wgpm-cuee
Aliases: CVE-2026-33195, GHSA-9xrj-h377-fr87
Summary: Rails Active Storage has possible Path Traversal in DiskService
Impact: Active Storage's `DiskService#path_for` does not validate that the resolved filesystem path remains within the storage root directory. If a blob key containing path traversal sequences (e.g. `../`) is used, it could allow reading, writing, or deleting arbitrary files on the server. Blob keys are expected to be trusted strings, but some applications could be passing user input as keys and would be affected.
Releases: The fixed releases are available at the normal locations.
Fixed by: 2:7.2.3.1+dfsg-1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)

This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2026-04-16T13:31:02.941850+00:00 | Debian Importer | Affected by | VCID-sarm-n22v-akcm | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T12:58:24.407797+00:00 | Debian Importer | Affected by | VCID-hatd-vkun-13hj | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T11:46:09.512838+00:00 | Debian Importer | Affected by | VCID-qxe4-dubt-1kfp | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T11:11:43.498966+00:00 | Debian Importer | Affected by | VCID-ad6q-vtdf-syb6 | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T10:03:35.437360+00:00 | Debian Importer | Affected by | VCID-4tzv-1t1b-t3g3 | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T09:10:23.448969+00:00 | Debian Importer | Affected by | VCID-5tky-d2en-u7c7 | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T08:51:19.648868+00:00 | Debian Importer | Affected by | VCID-a6z9-5n6k-2kak | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T08:46:58.808035+00:00 | Debian Importer | Affected by | VCID-wpmk-wgpm-cuee | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T08:43:07.326485+00:00 | Debian Importer | Affected by | VCID-96qr-hdbp-p7ff | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |