VulnerableCode Package Details - pkg:gem/actionview@4.0.0.0.alpha

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:gem/actionview@4.0.0.0.alpha

Essentials
History (1)

purl	pkg:gem/actionview@4.0.0.0.alpha
Tags	Ghost

Next non-vulnerable version	6.1.7.3
Latest non-vulnerable version	8.1.2.1
Risk	3.1

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-z1jv-4ga2-7kd1 Aliases: CVE-2016-2097 GHSA-vx9j-46rh-fqr8	Possible Information Leak Vulnerability Applications that pass unverified user input to the `render` method in a controller may be vulnerable to an information leak vulnerability. Impacted code will look something like this: ``` def index; render params[:id]; end ``` Carefully crafted requests can cause the above code to render files from unexpected places like outside the application's view directory, and can possibly escalate this to a remote code execution attack.	4.1.14.2 Affected by 9 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T12:47:01.791683+00:00	GitLab Importer	Affected by	VCID-z1jv-4ga2-7kd1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/actionview/CVE-2016-2097.yml	38.0.0