| purl | pkg:gem/actionpack@4.0 |
| Tags | Ghost |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-3wtf-uu89-2qe5 (Aliases: CVE-2014-0081, GHSA-m46p-ggm5-5j83, OSV-103439) | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper. | Affected by 41 other vulnerabilities. Affected by 38 other vulnerabilities. Affected by 39 other vulnerabilities. |
| VCID-pmrb-t3bm-zkb6 (Aliases: CVE-2013-6414, GHSA-mpxf-gcw2-pw5q, OSV-100525) | Denial of Service Vulnerability in Action View. There is a denial of service vulnerability in the header handling component of Action View. Strings sent in specially crafted headers will be cached indefinitely. This can cause the cache to grow infinitely, which will eventually consume all memory on the target machine, causing a denial of service. | Affected by 42 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:46:51.717879+00:00 | GitLab Importer | Affected by | VCID-3wtf-uu89-2qe5 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2014-0081.yml | 38.0.0 |
| 2026-04-01T12:46:50.952881+00:00 | GitLab Importer | Affected by | VCID-pmrb-t3bm-zkb6 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2013-6414.yml | 38.0.0 |