Search for packages
| purl | pkg:gem/activerecord@2.4.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-nk6g-hhsk-8kaw
Aliases: CVE-2013-0277 GHSA-fhj9-cjjh-27vm OSV-90073 |
Serialized Attributes YAML Vulnerability with Rails 2.3 and 3.0 There is a vulnerability in the serialized attribute handling code in Ruby on Rails, applications which allow users to directly assign to the serialized fields in their models are at risk of Denial of Service or Remote Code Execution vulnerabilities. |
Affected by 22 other vulnerabilities. |
|
VCID-xa94-z6yu-skf8
Aliases: CVE-2013-1854 GHSA-3crr-9vmg-864v OSV-91453 |
Symbol DoS vulnerability in Active Record When a hash is provided as the find value for a query, the keys of the hash may be converted to symbols. Carefully crafted requests can coerce `params[:name]` to return a hash, and the keys to that hash may be converted to symbols. All users running an affected release should either upgrade or use one of the work arounds immediately. |
Affected by 22 other vulnerabilities. Affected by 16 other vulnerabilities. Affected by 16 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T12:46:48.779079+00:00 | GitLab Importer | Affected by | VCID-xa94-z6yu-skf8 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activerecord/CVE-2013-1854.yml | 38.0.0 |
| 2026-04-01T12:46:48.153459+00:00 | GitLab Importer | Affected by | VCID-nk6g-hhsk-8kaw | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/activerecord/CVE-2013-0277.yml | 38.0.0 |