VulnerableCode Package Details - pkg:gem/activestorage@8.1.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:gem/activestorage@8.1.0

Essentials
History (4)

purl	pkg:gem/activestorage@8.1.0

Next non-vulnerable version	8.1.2.1
Latest non-vulnerable version	8.1.2.1
Risk	3.4

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-ad6q-vtdf-syb6 Aliases: CVE-2026-33658 GHSA-p9fm-f462-ggrg	Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests ### Impact Active Storage's proxy controller does not limit the number of byte ranges in an HTTP Range header. A request with thousands of small ranges causes disproportionate CPU usage compared to a normal request for the same file, possibly resulting in a DoS vulnerability. ### Releases The fixed releases are available at the normal locations.	8.1.2.1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-11T21:39:59.560100+00:00	Ruby Importer	Affected by	VCID-ad6q-vtdf-syb6	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2026-33658.yml	38.3.0
2026-04-02T19:37:15.688286+00:00	Ruby Importer	Affected by	VCID-ad6q-vtdf-syb6	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2026-33658.yml	38.1.0
2026-04-02T17:01:24.490304+00:00	GHSA Importer	Affected by	VCID-ad6q-vtdf-syb6	https://github.com/advisories/GHSA-p9fm-f462-ggrg	38.1.0
2026-04-01T15:55:08.932734+00:00	Ruby Importer	Affected by	VCID-ad6q-vtdf-syb6	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2026-33658.yml	38.0.0