Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/actionpack@4.2.0.a
purl pkg:gem/actionpack@4.2.0.a
Tags Ghost
Next non-vulnerable version 7.0.8.7
Latest non-vulnerable version 8.1.2.1
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-zkvd-bfd6-t7dg
Aliases:
CVE-2014-7818
GHSA-29gr-w57f-rpfw
Arbitrary file existence disclosure Specially crafted requests can be used to determine whether a file exists on the filesystem that is outside the Rails application's root directory. The files will not be served, but attackers can determine whether the file exists. This only impacts Rails applications that enable static file serving at runtime. For example, the application's production configuration will say: `config.serve_static_assets = true`
4.2.0.beta1
Affected by 32 other vulnerabilities.
4.2.0.beta3
Affected by 31 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T12:46:55.066304+00:00 GitLab Importer Affected by VCID-zkvd-bfd6-t7dg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionpack/CVE-2014-7818.yml 38.0.0