Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/actionview@4.2.5.0
purl pkg:gem/actionview@4.2.5.0
Tags Ghost
Next non-vulnerable version 6.1.7.3
Latest non-vulnerable version 8.1.2.1
Risk 10.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-aum5-dnbu-nfd3
Aliases:
GHSA-6834-r92f-jj42
Moderate severity vulnerability that affects actionview Withdrawn, accidental duplicate publish. Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
4.2.5.1
Affected by 9 other vulnerabilities.
VCID-v3r3-bwp5-a3bn
Aliases:
CVE-2016-0752
GHSA-xrr4-p6fq-hjg7
Path Traversal The Rails gem allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a `..` in a pathname.
4.2.5.1
Affected by 9 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T15:56:40.771745+00:00 GHSA Importer Affected by VCID-aum5-dnbu-nfd3 https://github.com/advisories/GHSA-6834-r92f-jj42 38.0.0
2026-04-01T15:56:11.963607+00:00 GHSA Importer Affected by VCID-v3r3-bwp5-a3bn https://github.com/advisories/GHSA-xrr4-p6fq-hjg7 38.0.0