Search for packages
| purl | pkg:gem/actionview@3.2.22.1 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-g9t2-g33e-87fe
Aliases: GHSA-2pwf-xwr3-hp55 |
Moderate severity vulnerability that affects actionview Withdrawn, accidental duplicate publish. Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.2 and 4.x before 4.1.14.2 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0752. |
Affected by 1 other vulnerability. Affected by 9 other vulnerabilities. |
|
VCID-z1jv-4ga2-7kd1
Aliases: CVE-2016-2097 GHSA-vx9j-46rh-fqr8 |
Possible Information Leak Vulnerability Applications that pass unverified user input to the `render` method in a controller may be vulnerable to an information leak vulnerability. Impacted code will look something like this: ``` def index; render params[:id]; end ``` Carefully crafted requests can cause the above code to render files from unexpected places like outside the application's view directory, and can possibly escalate this to a remote code execution attack. |
Affected by 1 other vulnerability. Affected by 9 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T15:56:36.564250+00:00 | GHSA Importer | Affected by | VCID-g9t2-g33e-87fe | https://github.com/advisories/GHSA-2pwf-xwr3-hp55 | 38.0.0 |
| 2026-04-01T15:56:11.857161+00:00 | GHSA Importer | Affected by | VCID-z1jv-4ga2-7kd1 | https://github.com/advisories/GHSA-vx9j-46rh-fqr8 | 38.0.0 |