Search for packages
| purl | pkg:gem/actionpack@3.2.0.0.alpha |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-s5ah-tf63-a7cw
Aliases: CVE-2016-2098 GHSA-78rc-8c29-p45g |
Improper Input Validation The Rails gem allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method. |
Affected by 27 other vulnerabilities. Affected by 26 other vulnerabilities. Affected by 26 other vulnerabilities. |
|
VCID-z1jv-4ga2-7kd1
Aliases: CVE-2016-2097 GHSA-vx9j-46rh-fqr8 |
Possible Information Leak Vulnerability Applications that pass unverified user input to the `render` method in a controller may be vulnerable to an information leak vulnerability. Impacted code will look something like this: ``` def index; render params[:id]; end ``` Carefully crafted requests can cause the above code to render files from unexpected places like outside the application's view directory, and can possibly escalate this to a remote code execution attack. |
Affected by 27 other vulnerabilities. Affected by 26 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:47:01.849250+00:00 | GitLab Importer | Affected by | VCID-s5ah-tf63-a7cw | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2016-2098.yml | 38.0.0 |
| 2026-04-01T12:47:01.808155+00:00 | GitLab Importer | Affected by | VCID-z1jv-4ga2-7kd1 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2016-2097.yml | 38.0.0 |