Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/activesupport@4.2
purl pkg:gem/activesupport@4.2
Tags Ghost
Next non-vulnerable version 6.1.7.5
Latest non-vulnerable version 8.1.2.1
Risk 3.1
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-ed3f-3bxh-eba4
Aliases:
CVE-2015-3227
GHSA-j96r-xvjq-r9pg
activesupport vulnerable to Denial of Service via large XML document depth The (1) `jdom.rb` and (2) `rexml.rb` components in Active Support in Ruby on Rails before 3.2.22, 4.1.x before 4.1.11, and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth.
4.2.2
Affected by 6 other vulnerabilities.
VCID-t2cx-7ycd-tqhq
Aliases:
CVE-2015-3226
GHSA-vxvp-4xwc-jpp6
activesupport Cross-site Scripting vulnerability Cross-site scripting (XSS) vulnerability in `json/encoding.rb` in Active Support in Ruby on Rails 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding.
4.2.2
Affected by 6 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T15:18:18.345915+00:00 Ruby Importer Affected by VCID-ed3f-3bxh-eba4 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2015-3227.yml 38.0.0
2026-04-01T15:18:18.275175+00:00 Ruby Importer Affected by VCID-t2cx-7ycd-tqhq https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2015-3226.yml 38.0.0