| purl | pkg:gem/activesupport@3.2 |
| Tags | Ghost |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-43f3-rxwm-fkgv Aliases: CVE-2011-2932 GHSA-9fh3-vh3h-q4g3 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a "UTF-8 escaping vulnerability." | There are no reported fixed by versions. |
| VCID-hr2h-y693-sbgc Aliases: CVE-2012-3464 GHSA-h835-75hw-pj89 OSV-84516 | activesupport Cross-site Scripting vulnerability. Cross-site scripting (XSS) vulnerability in `activesupport/lib/active_support/core_ext/string/output_safety.rb` in Ruby on Rails before 2.3.16, 3.0.x before , 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character. | Affected by 11 other vulnerabilities. |
| VCID-uudj-r63z-kban Aliases: CVE-2013-1856 GHSA-9c2j-593q-3g82 OSV-91451 | XML Parsing Vulnerability affecting JRuby users. There is a vulnerability in the JDOM backend to ActiveSupport's XML parser. You should upgrade or use one of the workarounds immediately. | Affected by 10 other vulnerabilities. |
| VCID-va9q-fjn6-yqee Aliases: CVE-2012-1098 GHSA-qv8p-v9qw-wc7g OSV-79726 | Direct Manipulation XSS. Ruby on Rails contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate direct manipulations of `SafeBuffer` objects via `'[]'` and other methods. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | Affected by 12 other vulnerabilities. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T15:18:18.317485+00:00 | Ruby Importer | Affected by | VCID-43f3-rxwm-fkgv | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2011-2932.yml | 38.0.0 |
| 2026-04-01T15:18:18.217008+00:00 | Ruby Importer | Affected by | VCID-va9q-fjn6-yqee | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2012-1098.yml | 38.0.0 |
| 2026-04-01T15:18:18.173122+00:00 | Ruby Importer | Affected by | VCID-uudj-r63z-kban | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2013-1856.yml | 38.0.0 |
| 2026-04-01T15:18:18.038352+00:00 | Ruby Importer | Affected by | VCID-hr2h-y693-sbgc | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2012-3464.yml | 38.0.0 |