Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/actionpack@2.2
purl pkg:gem/actionpack@2.2
Tags Ghost
Next non-vulnerable version 7.0.8.7
Latest non-vulnerable version 8.1.2.1
Risk 10.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-vgm2-8wjy-x7ed
Aliases:
CVE-2008-7248
GHSA-8fqx-7pv4-3jwm
Improper Input Validation Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain.
2.2.2
Affected by 51 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T15:18:19.132361+00:00 Ruby Importer Affected by VCID-vgm2-8wjy-x7ed https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2008-7248.yml 38.0.0