| purl | pkg:gem/actionpack@3.0.0.alpha0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-1rgy-k7a9-m7au Aliases: CVE-2012-1099 GHSA-2xjj-5x6h-8vmf OSV-79727 | XSS via posted select tag options. Ruby on Rails is vulnerable to remote cross-site scripting because the application does not validate manually generated `select tag options` upon submission to `actionpack/lib/action_view/helpers/form_options_helper.rb`. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | |
| VCID-rps2-k24p-9qgq Aliases: CVE-2011-4319 GHSA-xxr8-833v-c7wc OSV-77199 | Translate helper method which may allow an attacker to insert arbitrary code into a page. The helper method for i18n translations has a convention whereby translation strings with a name ending in 'html' are considered HTML safe. There is also a mechanism for interpolation. It has been discovered that these 'html' strings allow arbitrary values to be contained in the interpolated input, and these values are not escaped. | |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:46:46.688525+00:00 | GitLab Importer | Affected by | VCID-1rgy-k7a9-m7au | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2012-1099.yml | 38.0.0 |
| 2026-04-01T12:46:46.489712+00:00 | GitLab Importer | Affected by | VCID-rps2-k24p-9qgq | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2011-4319.yml | 38.0.0 |