Package details: pkg:gem/actionpack@10.0
purl pkg:gem/actionpack@10.0
Tags Ghost
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-mnkw-23eu-bkgc
Aliases:
CVE-2020-8166
GHSA-jp5v-5gx4-jmj9
Ability to forge per-form CSRF tokens in Rails

It is possible to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token for any action for that session.

Impact
------
Given the ability to extract the global CSRF token, an attacker would be able to construct a per-form CSRF token for that session.

Workarounds
-----------
This is a low-severity security issue. As such, no workaround is necessary until such time as the application can be upgraded.

There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-02T12:36:53.725189+00:00 GitLab Importer Affected by VCID-mnkw-23eu-bkgc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2020-8166.yml 38.0.0