Search for packages
| purl | pkg:gem/actionpack@3.2.0a |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-333w-aacz-mfcr
Aliases: CVE-2014-7829 GHSA-h56m-vwxc-3qpw |
Arbitrary file existence disclosure Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application's root directory. The files will not be served, but attackers can determine whether the file exists. This only impacts Rails applications that enable static file serving at runtime. For example, the application's production configuration will say: `config.serve_static_assets = true` |
Affected by 35 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 37 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 36 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 38 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 37 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 36 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 32 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 31 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
|
VCID-zkvd-bfd6-t7dg
Aliases: CVE-2014-7818 GHSA-29gr-w57f-rpfw |
Arbitrary file existence disclosure Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application's root directory. The files will not be served, but attackers can determine whether the file exists. This only impacts Rails applications that enable static file serving at runtime. For example, the application's production configuration will say: `config.serve_static_assets = true` |
Affected by 37 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 37 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 38 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 37 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 32 other vulnerabilities.
This version is affected by these other vulnerabilities:
Affected by 31 other vulnerabilities.
This version is affected by these other vulnerabilities:
|
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:46:55.184055+00:00 | GitLab Importer | Affected by | VCID-333w-aacz-mfcr | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2014-7829.yml | 38.0.0 |
| 2026-04-01T12:46:55.059524+00:00 | GitLab Importer | Affected by | VCID-zkvd-bfd6-t7dg | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2014-7818.yml | 38.0.0 |