VulnerableCode Package Details - pkg:ebuild/dev-ruby/rails@7.0.3.1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:ebuild/dev-ruby/rails@7.0.3.1

Essentials
History (1)

purl	pkg:ebuild/dev-ruby/rails@7.0.3.1

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-n8r7-wthv-fqaj	Active Record RCE bug with Serialized Columns When serialized columns that use YAML (the default) are deserialized, Rails uses YAML.unsafe_load to convert the YAML data in to Ruby objects. If an attacker can manipulate data in the database (via means like SQL injection), then it may be possible for the attacker to escalate to an RCE. There are no feasible workarounds for this issue, but other coders (such as JSON) are not impacted.	CVE-2022-32224 GHSA-3hhc-qp5v-9p2j GMS-2022-3029

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:14:29.370119+00:00	Gentoo Importer	Fixing	VCID-n8r7-wthv-fqaj	https://security.gentoo.org/glsa/202408-24	38.0.0