VulnerableCode Package Details - pkg:gem/actionview@2.4

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:gem/actionview@2.4

Essentials
History (1)

purl	pkg:gem/actionview@2.4
Tags	Ghost

Next non-vulnerable version	6.1.7.3
Latest non-vulnerable version	8.1.2.1
Risk	3.1

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-cnqr-6e98-5kgk Aliases: CVE-2011-0446 GHSA-75w6-p6mg-vh8j	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value.	3.0.4 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T15:18:16.399152+00:00	Ruby Importer	Affected by	VCID-cnqr-6e98-5kgk	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2011-0446.yml	38.0.0